Horizon API (2.7.0)

Authentication

Most of the API calls that Horizon uses require you to be authenticated to the API. The first authentication can either be done through the use of an X509 certificate or using credentials of a local account, but every single API call afterward will need to bear the authentication information nonetheless. Regardless of the chosen authentication method, the authorization used must have sufficient permissions to perform the desired operation.

Authenticating using API-ID and API-KEY

This method of authentication requires you to send your Horizon local account credentials as HTTP headers. To check whether the credentials are correct, perform a GET request on /api/v1/security/principals/self and check the response status:

 $ curl https://horizon.evertrust.fr/api/v1/security/principals/self -H "X-API-ID: administrator" -H "X-API-KEY: horizon" -H "Accept: application/json"

Possible responses are:

HTTP response code    Additional information
200                   The login information was correct
401                   Authentication error, please refer to the response body for more details

Authenticating using an X509 certificate

This method of authentication requires an existing authorization based on an X509 certificate that has the clientAuth EKU. You must also have imported the CA that issued this certificate into Horizon and turned on the "Trusted for client authentication" switch on that CA. You must then present the certificate on the request you are performing.

To check the authentication, perform a GET request on /api/v1/security/principals/self:

 $ curl https://horizon.evertrust.fr/api/v1/security/principals/self --cert horizon-login-dev-guide.pem --key horizon-login-dev-guide.key -H "Accept: application/json"

Possible responses are:

HTTP response code    Additional information
200                   The login information was correct
401                   Authentication error, please refer to the response body for more details

Handling next authentications using the Play Session

Once the first authentication is done, the API generates a cookie called "PLAY_SESSION". This cookie holds the authentication information that was used for the first login (with either of the methods above). To save its value for later use, append -c cookies.txt to either of the previous curl requests. Instead of sending the credentials as headers or presenting the certificate on each API call, you can then use the cookie:

 $ curl https://horizon.evertrust.fr/api/v1/security/principals/self -b cookies.txt -H "Accept: application/json"

Handling CSRF Token

Our APIs are used by a frontend and require CSRF protection. CSRF token validation is needed when all of the following are true:

  • The request method is not GET, HEAD or OPTIONS.
  • The request has one or more Cookie or Authorization headers.

Receiving the following response with valid credentials can mean that your request has failed the CSRF token validation:

{
    "error": "SEC-AUTH-002",
    "message": "Invalid credentials or principal does not exist",
    "title": "Invalid credentials or principal does not exist",
    "status": 401
}

To avoid CSRF token validation when using the API:

  • Prefer authentication using the API-ID and API-KEY headers, because HTTP basic authentication results in the creation of an Authorization header.
  • Avoid the use of cookies, as API usage does not require them.

If you cannot avoid those cases, the following procedure explains how to handle the CSRF token validation.

First, retrieve a valid CSRF token cookie from the server.

 $ curl https://horizon.evertrust.fr/api/v1/security/principals/self --header 'X-API-ID:administrator' --header 'X-API-KEY:horizon' -c cookies.txt

Once done, the file cookies.txt should have two entries:

  • A play session
  • A CSRF token:
localhost	FALSE	/	FALSE	0	csrf-token	456aa18162e8736047dbd878617283aa361cd83e-1708941483170-da503a15304a666a96748f5d
localhost	FALSE	/	FALSE	1708942383	PLAY_SESSION	eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImlkZW50aWZpZXIiOiJhZG1pbmlzdHJhdG9yIiwibmFtZSI6Ikhvcml6b24gQWRtaW5pc3RyYXRvciIsImlkcFR5cGUiOiJMb2NhbCIsImlkcE5hbWUiOiJsb2NhbCJ9LCJleHAiOjE3MDg5NDIzODMsIm5iZiI6MTcwODk0MTQ4MywiaWF0IjoxNzA4OTQxNDgzfQ.79xRjdGhaVv_5mM8bpkLgcL78QCEWu08zgthP_dt9Pc

To successfully authenticate to the server, both the csrf-token cookie and a csrf-token header containing the cookie content should be defined.

Sending a POST request using cookies without the csrf-token header will result in the forbidden HTML page:

curl --location 'localhost:9000/api/v1/certificate/labels' \
--header 'X-API-ID: administrator' \
--header 'X-API-KEY: evertrust' \
--header 'Content-Type: application/json' \
-b cookies.txt \
--data '{
    "name": "NEW_LABEL",
    "displayName" : [],
    "description": []
}'

A valid request also copies the cookie content into the csrf-token header:

curl --location 'localhost:9000/api/v1/certificate/labels' \
--header 'X-API-ID: administrator' \
--header 'X-API-KEY: evertrust' \
--header 'csrf-token: 456aa18162e8736047dbd878617283aa361cd83e-1708941483170-da503a15304a666a96748f5d' \
--header 'Content-Type: application/json' \
-b cookies.txt \
--data '{
    "name": "NEW_LABEL",
    "regex": null,
    "displayName" : [],
    "description": []
}'
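
The two CSRF conditions and the cookie-jar lookup from this section, as an added shell example that is not part of the Horizon documentation. The helper names and the sample jar values are constructed for illustration; the jar layout is the Netscape format that curl writes with -c.

```shell
#!/bin/sh
# Added example, not Horizon code. Helper names below are hypothetical.

# needs_csrf METHOD [HEADER_NAME...]
# Succeeds (returns 0) when CSRF token validation applies according to the
# two conditions above: the method is not GET/HEAD/OPTIONS, and a Cookie or
# Authorization header is part of the request.
needs_csrf() {
    method=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    shift
    case "$method" in
        GET|HEAD|OPTIONS) return 1 ;;
    esac
    for name in "$@"; do
        case "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" in
            cookie|authorization) return 0 ;;
        esac
    done
    return 1
}

# csrf_token_from_jar FILE
# Prints the value of the csrf-token cookie stored in a curl cookie jar.
# Fields are tab-separated: domain, subdomain flag, path, secure, expiry,
# name, value. curl marks HttpOnly cookies with a "#HttpOnly_" prefix, so
# that prefix is stripped before real comment lines are skipped.
# Exit status: 0 found, 1 no csrf-token entry, 2 jar not readable.
csrf_token_from_jar() {
    [ -r "$1" ] || return 2
    awk -F '\t' '
        /^#HttpOnly_/ { sub(/^#HttpOnly_/, "") }
        /^#/ || NF < 7 { next }
        $6 == "csrf-token" { value = $7; found = 1 }
        END { if (!found) exit 1; print value }
    ' "$1"
}

# csrf_curl_args METHOD JAR
# Prints, one per line, the extra curl arguments for a cookie-based call:
# always "-b JAR", plus the csrf-token header when validation applies.
csrf_curl_args() {
    printf '%s\n' "-b" "$2"
    if needs_csrf "$1" Cookie; then
        token=$(csrf_token_from_jar "$2") || return 1
        printf '%s\n' "-H" "csrf-token: $token"
    fi
}

# Constructed sample jar (values are made up), laid out like the one above.
write_sample_jar() {
    {
        printf '# Netscape HTTP Cookie File\n'
        printf 'localhost\tFALSE\t/\tFALSE\t0\tcsrf-token\tconstructed-token-0001\n'
        printf 'localhost\tFALSE\t/\tFALSE\t1708942383\tPLAY_SESSION\tconstructed.session.value\n'
    } > "$1"
}

jar=$(mktemp)
write_sample_jar "$jar"
echo "POST with cookies needs these curl arguments:"
csrf_curl_args POST "$jar"
echo "GET with cookies needs these curl arguments:"
csrf_curl_args GET "$jar"
rm -f "$jar"
```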

Certificates

The Certificate object represents a certificate that is known to Horizon. Horizon can manage its compliance with your corporate policies, and can also manage its lifecycle. A certificate can either be issued through Horizon or be discovered by a third-party client, such as horizon-cli. You cannot issue certificates directly through this API; use the Requests API instead.

List certificates

List certificate(s) matching any ID sent

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The list of certificates IDs to fetch

Array
string

The certificate id

Responses

Request samples

Content type
application/json
[
  "644796623000003800cc6c4b"
]

Response samples

Content type
application/json
[
  {}
]

Retrieve a certificate

Retrieves a specific certificate based on its ID

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string [0-9a-fA-F]{24}
Example: 644796623000003800cc6c4b

The ID of the certificate to retrieve

Responses

Response samples

Content type
application/json
{
  "certificate": {},
  "permissions": {}
}

Retrieve a certificate by PEM

Retrieve a specific certificate based on its PEM encoded value

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
pem
required
string
Example: -----BEGIN%20CERTIFICATE----- ... -----END%20CERTIFICATE-----

The URL encoded PEM encoded value of the certificate

Responses

Response samples

Content type
application/json
{
  "metadata": [],
  "notAfter": 1609459200000,
  "thumbprint": "30f727ea932acc3e7ec4716a7c1d1d571a0b9124afbe1d1d81a205562164c69c",
  "revocationDate": 0,
  "certificate": "-----BEGIN CERTIFICATE-----\nMI....\n-----END CERTIFICATE-----",
  "dn": "CN=Test Certificate,OU=Test,O=Test,L=Test,ST=Test,C=US",
  "grades": [],
  "revoked": true,
  "escrowed": true,
  "issuer": "CN=Test CA,OU=Test,O=Test,L=Test,ST=Test,C=US",
  "notBefore": 1609459200000,
  "crlSynchronized": true,
  "selfSigned": false,
  "discoveredTrusted": true,
  "keyType": "rsa-2048",
  "thirdPartyData": [],
  "owner": "string",
  "publicKeyThumbprint": "4d0faebaeaa595aba5fafe6040fa8a2143b019b59a2b25ced3b2fb7393ee10e2",
  "contactEmail": "user@example.com",
  "module": "webra",
  "profile": "DefaultProfile",
  "team": "string",
  "holderId": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
  "labels": [],
  "discoveryInfo": [],
  "subjectAlternateNames": [],
  "triggerResults": [],
  "extensions": [],
  "serial": "1",
  "signingAlgorithm": "SHA256WITHRSA",
  "discoveryData": [],
  "_id": "6448d56b310000400063f014",
  "revocationReason": "string"
}

Run a certificate trigger

When a trigger fails, the user might have the ability to run the trigger manually again. This is only possible when retryable is set to true in the triggerResult.

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string
Example: 644796623000003800cc6c4b

The ID of the certificate

triggerName
required
string
Example: TestTrigger

The name of the trigger

event
required
string
Enum: "on_enroll" "on_revoke" "on_update" "on_recover" "on_migrate" "on_expire" "on_renew"

Responses

Response samples

Content type
application/json
{
  "certificate": {},
  "permissions": {}
}

Retrieve the certificate search dictionary

Return the certificate search dictionary. The dictionary is computed based on the principal and includes:

  • The list of certificate profiles the principal is authorized to search on;
  • The list of discovery campaigns the principal is authorized to search on;
  • The list of labels the principal is authorized to search on;
  • The list of modules available on the Horizon instance;
  • The list of available teams on the Horizon instance;
  • The list of available grading policies on the Horizon instance;
  • The list of available metadata on Horizon.

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
{
  "profiles": [],
  "campaigns": [],
  "teams": [],
  "labels": [],
  "metadata": [],
  "modules": [],
  "gradingPolicies": []
}

Search certificates

Send a certificate search query (in HCQL format) and return the certificate search results

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
enableAnalytics
boolean

Use the analytics database if enabled. true if not specified.

Request Body schema: application/json
required
query
string or null

The HCQL query to use for the search, represents the way to filter certificates. If not specified, it will filter nothing

fields
Array of strings or null

The fields to be returned by the search. If this parameter is not specified, everything is returned by default. If this parameter is equal to an empty array, only the _id field is returned.

Array of objects or null (SortElement)

The way to sort the search results.

pageIndex
integer or null <int32>
Default: 1

The index of the page to retrieve

pageSize
integer or null <int32>
Default: 50

The maximum number of items to retrieve for one page

withCount
boolean or null
Default: false

If set to true, the total count of certificates matching the HCQL query will be returned.

Responses

Request samples

Content type
application/json
{
  "query": "status is valid",
  "fields": [],
  "sortedBy": [],
  "pageIndex": 1,
  "pageSize": 50,
  "withCount": false
}

Response samples

Content type
application/json
{
  "results": [],
  "pageIndex": 1,
  "pageSize": 50,
  "count": 12,
  "hasMore": false
}

Find a certificate

Find a certificate by its Id or PEM

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required
One of
id
required
string

Internal id of the certificate to find

Responses

Request samples

Content type
application/json
Example
{
  "id": "6448d56b310000400063f014"
}

Response samples

Content type
application/json
{
  "certificate": {},
  "permissions": {}
}

Certificate aggregation

Send a certificate aggregation query and return the aggregation result

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
enableAnalytics
boolean

Use the analytics database if enabled. true if not specified.

Request Body schema: application/json
required

The certificate aggregation query

query
string or null

The HCQL query to use for the search, represents the way to filter certificates. If not specified, it will filter nothing

groupBy
Array of strings or null

The field that the aggregation will take place on

withCount
boolean or null

If set to true, the total count of certificates matching the HCQL query will be returned

sortOrder
string or null
Enum: "Asc" "Desc" "KeyAsc" "KeyDesc"
limit
integer or null <int32>

When an aggregation produces many distinct results, the number of results to send back

object or null (Having)

A condition to apply to the result. For example, only the aggregate results containing more than 5 certificates can be kept

Responses

Request samples

Content type
application/json
{
  "query": "status is valid",
  "groupBy": [],
  "withCount": true,
  "sortOrder": "Asc",
  "limit": 3,
  "having": {}
}

Response samples

Content type
application/json
{
  "items": [],
  "count": 6
}

Export certificates

Send a certificate search query (in HCQL format) and return the certificate search results in CSV format

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
enableAnalytics
boolean

Use the analytics database if enabled. true if not specified.

Request Body schema: application/json
required

The certificate search query

query
string or null

The HCQL query to use for the search, represents the way to filter certificates. If not specified, it will filter nothing

fields
Array of strings or null

The fields to be returned by the search. If this parameter is not specified, everything is returned by default. If this parameter is equal to an empty array, only the _id field is returned.

Array of objects or null (SortElement)

The way to sort the search results.

pageIndex
integer or null <int32>
Default: 1

The index of the page to retrieve

pageSize
integer or null <int32>
Default: 50

The maximum number of items to retrieve for one page

withCount
boolean or null
Default: false

If set to true, the total count of certificates matching the HCQL query will be returned.

Responses

Request samples

Content type
application/json
{
  "query": "status is valid",
  "fields": [],
  "sortedBy": [],
  "pageIndex": 1,
  "pageSize": 50,
  "withCount": false
}

Response samples

Content type
application/problem+json
Example
{
  "error": "CERT-SEARCH-002",
  "message": "Invalid Search Request",
  "title": "Invalid Search Request",
  "detail": "Details about the error",
  "status": 0
}

Requests

Requests are how certificates are enrolled through Horizon. A request is linked to a profile, which specifies a PKI connector that will be used to issue the certificate, and grants rights to users to issue certificates on the given profile.

Requests lifecycle

All Horizon requests share the same lifecycle steps:

  1. The request is submitted by the requester;
  2. If the requester has direct permissions on the considered workflow, the request is immediately completed;
  3. If the requester only has request permissions on the considered workflow, the request is set as Pending;
  4. While the request is pending, the requester may cancel the request, putting it in the Canceled state;
  5. While the request is pending, the approver may deny the request, putting it in the Denied state;
  6. While the request is pending, the approver may accept the request, putting it in the Approved state;
  7. If the request concerns an EST or a SCEP challenge, the request stays Approved until the challenge is used, at which point it will be put in the Completed state;
  8. Otherwise, the request immediately goes from Approved to Completed.

List profiles

All requests on Horizon are linked to a profile, which defines a certificate template and a PKI connector which will sign the certificate.
Before submitting a request (such as an enrollment or revocation request), you must choose the profile on which you want to perform the operation.
This endpoint lists certificate profiles on which a principal owns a given workflow capability, such as enroll or revoke.

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
module
string or null
Enum: "acme" "est" "scep" "wcce" "webra" "crmp"

Only return profiles from a given module. If not specified, all profiles will be returned.

workflow
string or null
Enum: "enroll" "revoke" "recover" "renew" "update" "migrate" "import"

Only return profiles on which the principal owns a given workflow capability. If not specified, all profiles will be returned.

Responses

Response samples

Content type
application/json
[
  {}
]

Retrieve a request template

Retrieve the template to fulfill a specific request. The template indicates the required elements to include when submitting a new request

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The request on which to return the template

One of
workflow
required
string
Value: "enroll"

The workflow for which to return the template.

module
required
string
Value: "webra"

The module for which to return the template.

profile
string or null (Certificate profile)

The profile for which to return the template.

object

An optional CSR can be given to pre-fill the template

certificateId
string or null (Horizon certificate ID)

Used to pre-fill the template field with the certificate values.

certificatePem
string or null (Certificate pem)

Used to pre-fill the template field with the certificate values.

Responses

Request samples

Content type
application/json
Example
{
  "workflow": "enroll",
  "module": "webra",
  "profile": "webra_centralized",
  "template": {},
  "certificateId": "6448d56b310000400063f014",
  "certificatePem": "-----BEGIN CERTIFICATE----- ..."
}

Response samples

Content type
application/json
Example
{
  "workflow": "enroll",
  "module": "webra",
  "profile": "webra_centralized",
  "template": {}
}

Submit a request

Submit a new request

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The Request to submit

One of
profile
required
string

The WebRA profile name

object

The password to decrypt the PKCS12 file. Must be set if password mode is manual

requesterComment
string or null

Free-text field editable by the requester to provide more context on the request

module
required
string
Value: "webra"

The module that will be used to process this request. For a WebRA request, this is always webra

workflow
required
string
Value: "enroll"

What this request will do. For an enrollment request, this is always enroll

required
object (WebRA Enroll Request Template)

The user-data that will be used to generate the certificate

dryRun
boolean or null
Default: false

If true, the request is validated, but will not result in an enrollment

Responses

Request samples

Content type
application/json
Example
{
  "profile": "string",
  "password": {},
  "requesterComment": "I need this certificate to access the VPN.",
  "module": "webra",
  "workflow": "enroll",
  "template": {},
  "dryRun": false
}

Response samples

Content type
application/json
Example
{
  "module": "webra",
  "workflow": "enroll",
  "template": {},
  "pkcs12": {},
  "password": {},
  "certificate": {},
  "_id": "6448d56b310000400063f014",
  "status": "denied",
  "profile": "DefaultProfile",
  "dn": "CN=John Doe,OU=IT,O=Example,C=US",
  "requester": "jdoe",
  "team": "IT",
  "approver": "jdoe",
  "contact": "jdoe@example.org",
  "requesterComment": "I need this certificate to access the VPN.",
  "approverComment": "This certificate is for the VPN.",
  "registrationDate": 1683021380000,
  "lastModificationDate": 1683021380000,
  "expirationDate": 1683024980000,
  "removeAt": 1685616980640,
  "triggerResults": [],
  "holderId": "453b0d7ac28e079addad4fff633a9b06cdfe2d5626e12cefffbebb462e261a27",
  "globalHolderIdCount": 0,
  "profileHolderIdCount": 0,
  "labels": [],
  "metadata": [],
  "dryRun": false
}

Retrieve a request

Retrieve an existing request based on its id

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string

The request ID

Responses

Response samples

Content type
application/json
Example
{
  "module": "webra",
  "workflow": "enroll",
  "template": {},
  "pkcs12": {},
  "password": {},
  "certificate": {},
  "_id": "6448d56b310000400063f014",
  "status": "denied",
  "profile": "DefaultProfile",
  "dn": "CN=John Doe,OU=IT,O=Example,C=US",
  "requester": "jdoe",
  "team": "IT",
  "approver": "jdoe",
  "contact": "jdoe@example.org",
  "requesterComment": "I need this certificate to access the VPN.",
  "approverComment": "This certificate is for the VPN.",
  "registrationDate": 1683021380000,
  "lastModificationDate": 1683021380000,
  "expirationDate": 1683024980000,
  "removeAt": 1685616980640,
  "triggerResults": [],
  "holderId": "453b0d7ac28e079addad4fff633a9b06cdfe2d5626e12cefffbebb462e261a27",
  "globalHolderIdCount": 0,
  "profileHolderIdCount": 0,
  "labels": [],
  "metadata": [],
  "dryRun": false
}

Cancel a request

Cancel an existing request

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The Request to cancel

_id
required
string (Internal ID)

The ID of the request to cancel

module
required
string (Module)
Enum: "webra" "est" "scep" "acme" "crmp" "acme-external" "intune" "jamf" "intunepkcs"

The module of the request

workflow
required
string (Workflow)
Enum: "enroll" "migrate" "revoke" "recover" "renew" "update" "import"

The workflow of the request

Responses

Request samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "module": "webra",
  "workflow": "enroll"
}

Response samples

Content type
application/json
Example
{
  "module": "webra",
  "workflow": "enroll",
  "template": {},
  "pkcs12": {},
  "password": {},
  "certificate": {},
  "_id": "6448d56b310000400063f014",
  "status": "denied",
  "profile": "DefaultProfile",
  "dn": "CN=John Doe,OU=IT,O=Example,C=US",
  "requester": "jdoe",
  "team": "IT",
  "approver": "jdoe",
  "contact": "jdoe@example.org",
  "requesterComment": "I need this certificate to access the VPN.",
  "approverComment": "This certificate is for the VPN.",
  "registrationDate": 1683021380000,
  "lastModificationDate": 1683021380000,
  "expirationDate": 1683024980000,
  "removeAt": 1685616980640,
  "triggerResults": [],
  "holderId": "453b0d7ac28e079addad4fff633a9b06cdfe2d5626e12cefffbebb462e261a27",
  "globalHolderIdCount": 0,
  "profileHolderIdCount": 0,
  "labels": [],
  "metadata": [],
  "dryRun": false
}

Approve a request

Requesters who do not have the privileges to directly enroll will see their requests in the pending state after submitting them. An approver can then approve the request, which will trigger the enrollment through the configured PKI connector.

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The request to approve

One of
_id
required
string (Internal ID)

Object internal ID

approverComment
string or null

Free-text field editable by the approver to provide more context on the request

module
required
string
Value: "webra"

The module that will be used to process this request. For a WebRA request, this is always webra

workflow
required
string
Value: "enroll"

What this request will do. For an enrollment request, this is always enroll

object (WebRA Enroll Request Template)

The user-data that will be used to generate the certificate

dryRun
boolean or null
Default: false

If true, the request is validated, but will not result in an enrollment

Responses

Request samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "approverComment": "Denying this request because parameters are missing.",
  "module": "webra",
  "workflow": "enroll",
  "template": {},
  "dryRun": false
}

Response samples

Content type
application/json
Example
{
  "module": "webra",
  "workflow": "enroll",
  "template": {},
  "pkcs12": {},
  "password": {},
  "certificate": {},
  "_id": "6448d56b310000400063f014",
  "status": "denied",
  "profile": "DefaultProfile",
  "dn": "CN=John Doe,OU=IT,O=Example,C=US",
  "requester": "jdoe",
  "team": "IT",
  "approver": "jdoe",
  "contact": "jdoe@example.org",
  "requesterComment": "I need this certificate to access the VPN.",
  "approverComment": "This certificate is for the VPN.",
  "registrationDate": 1683021380000,
  "lastModificationDate": 1683021380000,
  "expirationDate": 1683024980000,
  "removeAt": 1685616980640,
  "triggerResults": [],
  "holderId": "453b0d7ac28e079addad4fff633a9b06cdfe2d5626e12cefffbebb462e261a27",
  "globalHolderIdCount": 0,
  "profileHolderIdCount": 0,
  "labels": [],
  "metadata": [],
  "dryRun": false
}

Deny a request

Deny an existing request

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The request to deny

_id
required
string (Internal ID)

The ID of the request to deny

module
required
string (Module)
Enum: "webra" "est" "scep" "acme" "crmp" "acme-external" "intune" "jamf" "intunepkcs"

The module of the request

workflow
required
string (Workflow)
Enum: "enroll" "migrate" "revoke" "recover" "renew" "update" "import"

The workflow of the request

approverComment
string

Free-text field editable by the approver to provide more context on the denial

Responses

Request samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "module": "webra",
  "workflow": "enroll",
  "approverComment": "string"
}

Response samples

Content type
application/json
Example
{
  "module": "webra",
  "workflow": "enroll",
  "template": {},
  "pkcs12": {},
  "password": {},
  "certificate": {},
  "_id": "6448d56b310000400063f014",
  "status": "denied",
  "profile": "DefaultProfile",
  "dn": "CN=John Doe,OU=IT,O=Example,C=US",
  "requester": "jdoe",
  "team": "IT",
  "approver": "jdoe",
  "contact": "jdoe@example.org",
  "requesterComment": "I need this certificate to access the VPN.",
  "approverComment": "This certificate is for the VPN.",
  "registrationDate": 1683021380000,
  "lastModificationDate": 1683021380000,
  "expirationDate": 1683024980000,
  "removeAt": 1685616980640,
  "triggerResults": [],
  "holderId": "453b0d7ac28e079addad4fff633a9b06cdfe2d5626e12cefffbebb462e261a27",
  "globalHolderIdCount": 0,
  "profileHolderIdCount": 0,
  "labels": [],
  "metadata": [],
  "dryRun": false
}

Retrieve the request search dictionary

Return the request search dictionary. The dictionary is computed based on the principal and includes:

  • The list of certificate profiles the principal is authorized to search on;
  • The list of labels the principal is authorized to search on;
  • The list of modules available on the Horizon instance;
  • The list of available teams on the Horizon instance;
  • The list of available metadata on Horizon.

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
{
  "profiles": [],
  "teams": [],
  "labels": [],
  "metadata": [],
  "modules": []
}

Search requests

Send a request search query (in HRQL format) and return the request search results

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The request search query

query
string or null

The HRQL query to use for the search, represents the way to filter requests. Filters nothing if not specified

fields
Array of strings or null

The fields to be returned by the search. If this parameter is not specified, everything is returned by default. If this parameter is equal to an empty array, only the _id field is returned

Array of objects or null (SortElement)

The way to sort the search results

pageIndex
integer or null <int32>
Default: 1

The index of the page to retrieve

pageSize
integer or null <int32>
Default: 50

The maximum number of items to retrieve for one page

withCount
boolean or null
Default: false

Whether to return the total count of requests matching the HRQL query

scope
string or null
Enum      Description
manage    Only search among requests that the currently logged in user has the right to manage
search    Search among all visible requests to the logged in user
self      Search among requests that the currently logged in user or its team has issued

The scope of the search. manage only searches among requests that the currently logged in user has the rights to manage. search searches among all visible requests to the logged in user. self searches among requests that the currently logged in user or its team has issued

Responses

Request samples

Content type
application/json
{
  "query": "request is not expired",
  "fields": [],
  "sortedBy": [],
  "pageIndex": 1,
  "pageSize": 50,
  "withCount": false,
  "scope": "manage"
}

Response samples

Content type
application/json
{
  "results": [],
  "pageIndex": 1,
  "pageSize": 50,
  "count": 50,
  "hasMore": true
}

Export requests

Send a request search query (in HRQL format) and return the request search results in CSV format

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The request search query

query
string or null

The HRQL query to use for the search, represents the way to filter requests. Filters nothing if not specified

fields
Array of strings or null

The fields to be returned by the search. If this parameter is not specified, everything is returned by default. If this parameter is equal to an empty array, only the _id field is returned

Array of objects or null (SortElement)

The way to sort the search results

pageIndex
integer or null <int32>
Default: 1

The index of the page to retrieve

pageSize
integer or null <int32>
Default: 50

The maximum number of items to retrieve for one page

withCount
boolean or null
Default: false

Whether to return the total count of requests matching the HRQL query

scope
string or null
Enum      Description
manage    Only search among requests that the currently logged in user has the right to manage
search    Search among all visible requests to the logged in user
self      Search among requests that the currently logged in user or its team has issued

The scope of the search. manage only searches among requests that the currently logged in user has the rights to manage. search searches among all visible requests to the logged in user. self searches among requests that the currently logged in user or its team has issued

Responses

Request samples

Content type
application/json
{
  "query": "request is not expired",
  "fields": [],
  "sortedBy": [],
  "pageIndex": 1,
  "pageSize": 50,
  "withCount": false,
  "scope": "manage"
}

Response samples

Content type
application/problem+json
Example
{
  "status": 400,
  "error": "REQ-006",
  "message": "Invalid Request Search Query",
  "title": "Invalid Request Search Query",
  "detail": "Details about the error"
}

Request aggregation

Send a request aggregation query and return the aggregation result

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The request aggregation query

query
string or null

The HRQL query to use for the search, represents the way to filter requests. If not specified, it will filter nothing

groupBy
Array of strings or null

The field that the aggregation will take place on

withCount
boolean or null

If set to true, the total count of requests matching the HRQL query will be returned

sortOrder
string or null
Enum: "Asc" "Desc" "KeyAsc" "KeyDesc"
limit
integer or null <int32>

When an aggregation produces many distinct results, the number of results to send back

object or null (Having)

A condition to apply to the result. For example, only the aggregate results containing more than 5 requests can be kept

scope
string or null
Enum Description
manage Only search among requests that the currently logged in user has the right to manage
search Search among all visible requests to the logged in user
self Search among requests that the currently logged in user or its team has issued

The scope of the aggregate. manage only aggregates among requests that the currently logged in user has the rights to manage. search aggregates among all visible requests to the logged in user. self aggregates among requests that the currently logged in user or its team has issued

Responses

Request samples

Content type
application/json
{
  "query": "status equals \"pending\"",
  "groupBy": [ ],
  "withCount": true,
  "sortOrder": "Asc",
  "limit": 3,
  "having": { },
  "scope": "manage"
}

Response samples

Content type
application/json
{
  "items": [ ],
  "count": 6
}

Local Identities

A local identity represents a local Horizon account that will be able both to use the Horizon APIs and to log in to the web UI. You might use local identities for identifying your users but also use them as technical service accounts, for example to allow a third-party client to perform actions on Horizon.

List local identities

Retrieve the list of all existing local identities.

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Create a local identity

Create a local identity. By default, a local identity doesn't have a password and therefore cannot log in to Horizon. To set a password, call the set password endpoint after creating the local identity.

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required
identifier
required
string

The identifier of the local identity (used by the identity to log in to the web UI)

email
string or null <email>

The email address of the local identity

name
string or null

The display name of the local identity

password
required
string

The initial password for this local identity

Responses

Request samples

Content type
application/json
{
  "identifier": "administrator",
  "email": "administrator@evertrust.fr",
  "name": "Horizon Administrator",
  "password": "534169469812674870598506170552236971648310761036167896036064400452449656"
}

Response samples

Content type
application/json
{
  "_id": "6424527e4701004c010b1509",
  "identifier": "administrator",
  "email": "administrator@evertrust.fr",
  "name": "Horizon Administrator"
}

Update a local identity

Update a local identity

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Local identity to update

identifier
required
string

The identifier of the local identity (used by the identity to log in to the web UI)

email
string or null <email>

The email address of the local identity

name
string or null

The display name of the local identity

Responses

Request samples

Content type
application/json
{
  "identifier": "administrator",
  "email": "administrator@evertrust.fr",
  "name": "Horizon Administrator"
}

Response samples

Content type
application/json
{
  "_id": "6424527e4701004c010b1509",
  "identifier": "administrator",
  "email": "administrator@evertrust.fr",
  "name": "Horizon Administrator"
}

Set the password for a local identity

You can define the password that will be used by this local identity to log in to the web UI or use APIs. You must have the right management permissions to perform this action, and the password must meet the local identity provider's password policy requirements, if any has been defined.

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required
identifier
string or null

The local identity identifier. If null, the password for the currently logged in user will be changed

password
required
string

The new password in clear text

previousPassword
string <password>

When changing your own password, this value is required and must contain the current password in clear text

Responses

Request samples

Content type
application/json
{
  "identifier": "administrator",
  "password": "Sup3rSecurePassw0rd",
  "previousPassword": "pa$$word"
}

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "LOCAL-ID-007",
  "message": "Invalid Set Password Request",
  "title": "Invalid Set Password Request",
  "detail": "Details about the error"
}

Retrieve a local identity

Given an identifier, retrieve the full Local Identity object using this endpoint.

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
identifier
required
string
Example: administrator

Local identity identifier.

Responses

Response samples

Content type
application/json
{
  "_id": "6424527e4701004c010b1509",
  "identifier": "administrator",
  "email": "administrator@evertrust.fr",
  "name": "Horizon Administrator"
}

Delete a local identity

Delete an existing local identity based on its identifier

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
identifier
required
string
Example: administrator

Local identity identifier.

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Request a password reset

This is the first step in the password reset flow. The user will receive a reset UUID by email that can be used to complete the password reset request.

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
identifier
required
string
Example: administrator

Local identity identifier

Responses

Response samples

Content type
application/problem+json
{
  "status": 401,
  "error": "LOCAL-ID-011",
  "message": "Invalid Reset Password Request",
  "title": "Invalid Reset Password Request",
  "detail": "Details about the error"
}

Reset a password

This is the second step of the password reset flow. Following a password reset request, the user will receive a reset UUID by email. They can then send this UUID and a new password to reset their password.

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required
identifier
required
string

Local identity identifier

uuid
required
string <uuid>

The reset UUID received by email by the user after a password reset request

password
required
string <password>

The new password to set. It must match the password policy if any has been defined

Responses

Request samples

Content type
application/json
{
  "identifier": "administrator",
  "uuid": "095be615-a8ad-4c33-8e9c-c7612fbf6c9f",
  "password": "pa$$word"
}

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "LOCAL-ID-009",
  "message": "Local Identity provider not found or disabled",
  "title": "Local Identity provider not found or disabled",
  "detail": "Details about the error"
}

Identity Providers

An Identity Provider represents a way to authenticate to Horizon. Since Horizon supports multiple authentication methods (Local account, X509, OpenID connect), it can be configured to enable or disable several of them.

List the enabled identity provider(s)

Return the list of enabled dynamic identity provider(s)

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
enabledOnUI
boolean or null

Whether the identity provider is visible on the UI

Responses

Response samples

Content type
application/json
[
  { }
]

List all the identity provider(s)

List all the existing identity provider(s), regardless of whether they are enabled.

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Create a new identity provider

Create a new identity provider. The identity provider can be either a local identity provider or an OIDC identity provider.

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The identity provider to register

One of
name
required
string

The internal name of the local identity provider

Array of objects or null (LocalizedString)

The display name of the local identity provider

Array of objects or null (LocalizedString)

The description of the local identity provider

type
required
string
Value: "Local"

The type of identity provider

enabled
required
boolean

Whether the local identity provider can be used to identify against Horizon

enabledOnUI
required
boolean

Whether the local identity provider can be selected on login to the Horizon UI

passwordPolicy
string or null

The password policy to enforce for user passwords on the local identity provider

object or null (Email template)

The e-mail template to use for password recovery

Responses

Request samples

Content type
application/json
Example
{
  "name": "local",
  "displayName": [ ],
  "description": [ ],
  "type": "Local",
  "enabled": true,
  "enabledOnUI": true,
  "passwordPolicy": "Horizon-Default",
  "emailTemplate": { }
}

Response samples

Content type
application/json
{
  "_id": "643821173000003d0014cdaf",
  "name": "Google",
  "displayName": [ ],
  "description": [ ],
  "type": "OpenId",
  "enabled": true,
  "enabledOnUI": true,
  "proxy": "googleProxy",
  "timeout": "5 seconds",
  "clientCredentials": "OpenIdCredentials",
  "scope": "openid profile email",
  "trustSystemCAs": true,
  "identifierClaim": "{{oid}}",
  "emailClaim": "{{email}}",
  "nameClaim": "{{name}}"
}

Update an existing identity provider

Update an existing identity provider

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Identity provider to update

One of
name
required
string

The internal name of the local identity provider

Array of objects or null (LocalizedString)

The display name of the local identity provider

Array of objects or null (LocalizedString)

The description of the local identity provider

type
required
string
Value: "Local"

The type of identity provider

enabled
required
boolean

Whether the local identity provider can be used to identify against Horizon

enabledOnUI
required
boolean

Whether the local identity provider can be selected on login to the Horizon UI

passwordPolicy
string or null

The password policy to enforce for user passwords on the local identity provider

object or null (Email template)

The e-mail template to use for password recovery

Responses

Request samples

Content type
application/json
Example
{
  "name": "local",
  "displayName": [ ],
  "description": [ ],
  "type": "Local",
  "enabled": true,
  "enabledOnUI": true,
  "passwordPolicy": "Horizon-Default",
  "emailTemplate": { }
}

Response samples

Content type
application/json
Example
{
  "_id": "643821173000003d0014cdaf",
  "name": "local",
  "displayName": [ ],
  "description": [ ],
  "type": "Local",
  "enabled": true,
  "enabledOnUI": true,
  "passwordPolicy": "Horizon-Default",
  "emailTemplate": { }
}

Retrieve an existing identity provider

Retrieve an existing identity provider based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

The internal name of the identity provider to retrieve

Responses

Response samples

Content type
application/json
Example
{
  "_id": "643821173000003d0014cdaf",
  "name": "local",
  "displayName": [ ],
  "description": [ ],
  "type": "Local",
  "enabled": true,
  "enabledOnUI": true,
  "passwordPolicy": "Horizon-Default",
  "emailTemplate": { }
}

Delete an identity provider

Delete an existing identity provider based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

The internal name of the identity provider to retrieve

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "SEC-IDPROV-006",
  "message": "Referenced identity provider",
  "title": "Referenced identity provider",
  "detail": "Details about the error"
}

Retrieve the provider of a principal

Retrieve which identity provider holds the authentication information for a given identifier or a given contact e-mail.

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The principal search request

identifier
string or null

The identifier of the principal to search for

contact
string or null

The contact e-mail of the principal to search for

Responses

Request samples

Content type
application/json
{
  "identifier": "administrator",
  "contact": "admin-horizon@evertrust.fr"
}

Response samples

Content type
application/json
[
  { }
]

Password Policies

A password policy defines the rules that must be enforced for the password management in Horizon. They are used to enforce constraints on the local account, the PKCS#12 and the challenge passwords, and their generation.

List password policies

Retrieve the list of all existing password policies, including the default one (Horizon-Default)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Create a password policy

Create a new password policy. By default, Horizon has a default password policy named 'Horizon-Default' that enforces 16-byte passwords

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The password policy to register

name
required
string

The name of the password policy

minChar
required
integer <int32>

The minimum number of characters of the password

maxChar
integer or null <int32>

The maximum number of characters of the password

minUpChar
integer or null <int32>

The minimum number of uppercase characters of the password

minLoChar
integer or null <int32>

The minimum number of lowercase characters of the password

minDiChar
integer or null <int32>

The minimum number of digits of the password

spChar
string or null

The special characters of the password accepted by the password policy

minSpChar
integer or null <int32>

The minimum number of special characters of the password

Responses

Request samples

Content type
application/json
{
  "name": "Horizon-Default",
  "minChar": 8,
  "maxChar": 24,
  "minUpChar": 1,
  "minLoChar": 1,
  "minDiChar": 1,
  "spChar": "!@#$%^&*()_+",
  "minSpChar": 1
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "Horizon-Default",
  "minChar": 8,
  "maxChar": 24,
  "minUpChar": 1,
  "minLoChar": 1,
  "minDiChar": 1,
  "spChar": "!@#$%^&*()_+",
  "minSpChar": 1
}
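
A client-side pre-check against the password policy fields described above, as an added example (not Horizon's own code). How Horizon itself evaluates a policy is not documented on this page, so the semantics here are assumptions: null optional fields mean no constraint, character classes are ASCII, and any character that is not a letter, a digit or listed in spChar is treated as not accepted; policy_violations and generate_password are hypothetical helper names.

```python
import secrets
import string

# Policy object copied from the request sample above.
SAMPLE_POLICY = {
    "name": "Horizon-Default",
    "minChar": 8,
    "maxChar": 24,
    "minUpChar": 1,
    "minLoChar": 1,
    "minDiChar": 1,
    "spChar": "!@#$%^&*()_+",
    "minSpChar": 1,
}

# (policy field, character class) pairs, checked in this order.
CLASS_MINIMUMS = (
    ("minUpChar", "upper"),
    ("minLoChar", "lower"),
    ("minDiChar", "digit"),
    ("minSpChar", "special"),
)


def policy_violations(password, policy):
    """Return a list of violations; an empty list means the password complies."""
    special = policy.get("spChar") or ""
    counts = {
        "upper": sum(c in string.ascii_uppercase for c in password),
        "lower": sum(c in string.ascii_lowercase for c in password),
        "digit": sum(c in string.digits for c in password),
        "special": sum(c in special for c in password),
    }
    problems = []
    if len(password) < policy["minChar"]:
        problems.append(f"length {len(password)} is below minChar={policy['minChar']}")
    max_char = policy.get("maxChar")
    if max_char is not None and len(password) > max_char:
        problems.append(f"length {len(password)} is above maxChar={max_char}")
    for field, kind in CLASS_MINIMUMS:
        minimum = policy.get(field) or 0  # null or absent: no constraint (assumption)
        if counts[kind] < minimum:
            problems.append(f"{counts[kind]} {kind} character(s), {field}={minimum}")
    # Assumption: characters outside letters, digits and spChar are not accepted.
    allowed = set(string.ascii_letters + string.digits + special)
    rejected = sorted(set(password) - allowed)
    if rejected:
        problems.append("characters outside the accepted set: " + repr("".join(rejected)))
    return problems


def generate_password(policy, length=None):
    """Generate a random password that satisfies the policy, using the OS CSPRNG."""
    special = policy.get("spChar") or ""
    max_char = policy.get("maxChar")
    if length is None:
        length = max(policy["minChar"], 16)
        if max_char is not None:
            length = min(length, max_char)
    required = [
        (string.ascii_uppercase, policy.get("minUpChar") or 0),
        (string.ascii_lowercase, policy.get("minLoChar") or 0),
        (string.digits, policy.get("minDiChar") or 0),
        (special, policy.get("minSpChar") or 0),
    ]
    chars = []
    for alphabet, minimum in required:
        if minimum and not alphabet:
            raise ValueError("minSpChar is set but spChar is empty")
        chars.extend(secrets.choice(alphabet) for _ in range(minimum))
    if len(chars) > length:
        raise ValueError("class minimums exceed the password length")
    # Fill the remainder from the whole accepted set, then shuffle so the
    # mandatory characters do not sit at predictable positions.
    pool = string.ascii_letters + string.digits + special
    chars.extend(secrets.choice(pool) for _ in range(length - len(chars)))
    secrets.SystemRandom().shuffle(chars)
    password = "".join(chars)
    problems = policy_violations(password, policy)
    if problems:
        raise ValueError("; ".join(problems))
    return password


if __name__ == "__main__":
    for candidate in ("Sup3rSecurePassw0rd", "pa$$word", generate_password(SAMPLE_POLICY)):
        print(repr(candidate), policy_violations(candidate, SAMPLE_POLICY) or "compliant")
```

Checked against this sample policy, the page's own sample passwords are reported: "Sup3rSecurePassw0rd" has no special character, and "pa$$word" has neither an uppercase letter nor a digit.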

Update a password policy

Update an existing password policy based on its internal name

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The password policy to update

name
required
string

The name of the password policy

minChar
required
integer <int32>

The minimum number of characters of the password

maxChar
integer or null <int32>

The maximum number of characters of the password

minUpChar
integer or null <int32>

The minimum number of uppercase characters of the password

minLoChar
integer or null <int32>

The minimum number of lowercase characters of the password

minDiChar
integer or null <int32>

The minimum number of digits of the password

spChar
string or null

The special characters of the password accepted by the password policy

minSpChar
integer or null <int32>

The minimum number of special characters of the password

Responses

Request samples

Content type
application/json
{
  "name": "Horizon-Default",
  "minChar": 8,
  "maxChar": 24,
  "minUpChar": 1,
  "minLoChar": 1,
  "minDiChar": 1,
  "spChar": "!@#$%^&*()_+",
  "minSpChar": 1
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "Horizon-Default",
  "minChar": 8,
  "maxChar": 24,
  "minUpChar": 1,
  "minLoChar": 1,
  "minDiChar": 1,
  "spChar": "!@#$%^&*()_+",
  "minSpChar": 1
}

Retrieve a password policy

Retrieve an existing password policy based on its internal name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

The internal name of the password policy to retrieve

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "Horizon-Default",
  "minChar": 8,
  "maxChar": 24,
  "minUpChar": 1,
  "minLoChar": 1,
  "minDiChar": 1,
  "spChar": "!@#$%^&*()_+",
  "minSpChar": 1
}

Delete a password policy

Delete an existing password policy based on its internal name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

The internal name of the password policy to delete

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "PASSWORD-POLICY-005",
  "message": "Referenced Password policy",
  "title": "Referenced Password policy",
  "detail": "Details about the error"
}

Generate a password with a password policy

Generate a random password compliant with a given password policy. If the given policy does not exist, generate a password based on the default password policy (Horizon-Default)

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

The internal name of the password policy that the generated password must comply with

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 403,
  "error": "LIC-002",
  "message": "Invalid License",
  "title": "Invalid License",
  "detail": "Details about the error"
}

Principals

A security principal represents a user in Horizon. It can be used to grant permissions to users, and to assign roles and teams to them.

Return the authenticated principal

Return the authenticated principal:

  • The principal identity (identifier, name, email and identity provider);
  • The direct permissions;
  • The roles the principal is a member of.

If not authenticated, a NoContent is returned.

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
{
  "identity": { },
  "permissions": [ ],
  "roles": [ ],
  "teams": [ ],
  "preferences": { },
  "customDashboards": [ ]
}

Log out an authenticated principal and flush any cached authorization(s)

Log out an authenticated principal and flush cached authorization(s). If this method is called by an unauthenticated principal (anonymous), the REST call is nilpotent.

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 403,
  "error": "LIC-002",
  "message": "Invalid License",
  "title": "Invalid License",
  "detail": "Details about the error"
}

Authenticate a principal and redirect to the specified redirect URL

Authenticate a principal and redirect (302) to the specified URL if authentication was successful. The redirect URL must be URL encoded.

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
redirect
required
string

The URL to redirect to after successful authentication. The URL must be URL encoded.

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Principal Information

Security - Principal Information API

Create a new principal

Create a new principal in Horizon

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The principal's information to register

identifier
required
string

The identifier of the principal

contact
string or null

The contact e-mail of the principal

Array of objects or null (Permission)

The permissions of the principal

roles
Array of strings or null

The roles of the principal

teams
Array of strings or null

The teams of the principal

Array of objects or null (Principal queries)

The saved HQL queries of the principal. This is used by UI only. These values should not be manually set but should be copied on update

Array of objects or null (Dashboard)

The custom dashboards of the principal. This is used by UI only. These values should not be manually set but should be copied on update

object or null (Principal Preferences)

The UI preferences of the principal. This is used by UI only. These values should not be manually set but should be copied on update

enabled
required
boolean

Whether the principal is allowed to log in to Horizon

Responses

Request samples

Content type
application/json
{
  "identifier": "administrator",
  "contact": "administrator@horizon.evertrust.fr",
  "permissions": [ ],
  "roles": [ ],
  "teams": [ ],
  "savedQueries": [ ],
  "customDashboards": [ ],
  "preferences": { },
  "enabled": true
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "identifier": "administrator",
  "contact": "administrator@horizon.evertrust.fr",
  "permissions": [ ],
  "roles": [ ],
  "teams": [ ],
  "savedQueries": [ ],
  "customDashboards": [ ],
  "preferences": { },
  "creationDate": 1601900000000,
  "lastAuthentication": 1601900000000,
  "lastModification": 1601900000000,
  "enabled": true
}

Update a principal's information

Update an existing principal's information

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The principal information to update

identifier
required
string

The identifier of the principal

contact
string or null

The contact e-mail of the principal

Array of objects or null (Permission)

The permissions of the principal

roles
Array of strings or null

The roles of the principal

teams
Array of strings or null

The teams of the principal

Array of objects or null (Principal queries)

The saved HQL queries of the principal. This is used by UI only. These values should not be manually set but should be copied on update

Array of objects or null (Dashboard)

The custom dashboards of the principal. This is used by UI only. These values should not be manually set but should be copied on update

object or null (Principal Preferences)

The UI preferences of the principal. This is used by UI only. These values should not be manually set but should be copied on update

enabled
required
boolean

Whether the principal is allowed to log in to Horizon

Responses

Request samples

Content type
application/json
{
  "identifier": "administrator",
  "contact": "administrator@horizon.evertrust.fr",
  "permissions": [ ],
  "roles": [ ],
  "teams": [ ],
  "savedQueries": [ ],
  "customDashboards": [ ],
  "preferences": { },
  "enabled": true
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "identifier": "administrator",
  "contact": "administrator@horizon.evertrust.fr",
  "permissions": [ ],
  "roles": [ ],
  "teams": [ ],
  "savedQueries": [ ],
  "customDashboards": [ ],
  "preferences": { },
  "creationDate": 1601900000000,
  "lastAuthentication": 1601900000000,
  "lastModification": 1601900000000,
  "enabled": true
}

Retrieve a principal's information

Retrieve the security information of an existing principal based on its identifier

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
identifier
required
string

The identifier of the principal to retrieve information of

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "identifier": "administrator",
  "contact": "administrator@horizon.evertrust.fr",
  "permissions": [ ],
  "roles": [ ],
  "teams": [ ],
  "savedQueries": [ ],
  "customDashboards": [ ],
  "preferences": { },
  "creationDate": 1601900000000,
  "lastAuthentication": 1601900000000,
  "lastModification": 1601900000000,
  "enabled": true
}

Delete a principal

Delete an existing principal based on its identifier

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
identifier
required
string

The identifier of the principal to delete

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Search for principal information

Search for principal information. Search criteria are combined using the 'or' operator

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The principal information search request

identifier
string or null

The identifier of the principal

contact
string or null

The contact e-mail of the principal

role
string or null

The role of the principal

team
string or null

The team of the principal

strictSearch
boolean or null
Default: false

If enabled, role, identifier and team fields will list exact matches only

Array of objects or null (SortElement)

How to sort the results of the search

pageIndex
integer or null <int32>

Which page result to display

pageSize
integer or null <int32>

How many results to display per page

withCount
boolean or null

Whether to include the total number of results in the response

Responses

Request samples

Content type
application/json
{
  "identifier": "string",
  "contact": "string",
  "role": "string",
  "team": "string",
  "strictSearch": false,
  "sortedBy": [ ],
  "pageIndex": 0,
  "pageSize": 0,
  "withCount": true
}

Response samples

Content type
application/json
{
  "results": [ ],
  "pageIndex": 1,
  "pageSize": 20,
  "count": 15,
  "hasMore": true
}

Roles

Use roles to apply a group of permissions to multiple users without having to assign each permission individually.

List roles

Retrieves a list of all existing roles

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Create a new role

Create a new role in Horizon

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required
name
required
string

The name of the role

description
string or null

The description of the role

Array of objects or null (Permission)

The role's permissions

Responses

Request samples

Content type
application/json
{
  "name": "CanEnroll",
  "description": "Gives all enroll permissions to users",
  "permissions": [ ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "CanEnroll",
  "description": "Gives all enroll permissions to users",
  "permissions": [ ]
}

Update a role

Update an existing role

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The role to update

name
required
string

The name of the role

description
string or null

The description of the role

Array of objects or null (Permission)

The role's permissions

Responses

Request samples

Content type
application/json
{
  "name": "CanEnroll",
  "description": "Gives all enroll permissions to users",
  "permissions": [ ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "CanEnroll",
  "description": "Gives all enroll permissions to users",
  "permissions": [ ]
}

Retrieve a role

Retrieves an existing role based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: SuperAdmin

Role name

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "CanEnroll",
  "description": "Gives all enroll permissions to users",
  "permissions": [ ]
}

Delete a role

Delete an existing role based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: SuperAdmins

Role name

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Teams

Teams are a way to enhance the ownership capabilities of the product. They are essentially a group of principals that own objects (certificates, requests) and do not grant any permission per se.

List the team(s)

List all the existing team(s) in Horizon

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[]

Create a new team

Create a new team in Horizon

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Team to register

name
required
string

The name of the team

Array of objects or null (LocalizedString)

The localized description of the team

contact
string or null

The generic contact e-mail of the Team

object or null (Webhook Definition)

The webhook of the team's corporate channel (Teams, Slack, Mattermost)

manager
string or null

The e-mail address of the team's manager

Array of objects or null (LocalizedString)

The localized display name of the team

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{}

Update a team

Update an existing team's information

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The team to update

_id
any
name
required
string

The name of the team

Array of objects or null (LocalizedString)

The localized description of the team

contact
string or null

The generic contact e-mail of the Team

object or null (Webhook Definition)

The webhook of the team's corporate channel (Teams, Slack, Mattermost)

manager
string or null

The e-mail address of the team's manager

Array of objects or null (LocalizedString)

The localized display name of the team

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{}

Retrieve a team

Retrieve an existing team based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: PKIOps

The name of the team to retrieve

Responses

Response samples

Content type
application/json
{}

Delete a team

Delete an existing team based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: PKIOps

The name of the team to delete

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Transfer objects from a team to another

Transfers all certificate(s) and request(s) from a previous team to an existing one

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
previousTeam
required
string
Example: WinHorizon

The name of the team to transfer objects from

newTeam
required
string
Example: PKIOps

The name of the team to transfer objects to

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Scim Profiles

Scim profiles are used to enable the mapping between Scim and Horizon.

List Scim profiles

Retrieves a list of all existing Scim profiles

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Create a Scim profile

Create a new Scim profile in Horizon

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required
name
required
string

The name of the Scim profile

description
string or null

The description of the Scim profile

mailType
string or null
Default: "work"

The mail type selects which mail coming from the Scim provider must be synchronised in Horizon. By default, the mail type is "work".

mappings
Array of Scim mapping (object) or Scim mapping (object) or null

The mapping used to synchronize users and groups between the Scim provider and Horizon.

Responses

Request samples

Content type
application/json
{
  "name": "OktaScim",
  "description": "The Mapping for the Okta provisioning",
  "mailType": "home",
  "mappings": []
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "OktaScim",
  "description": "The Mapping for the Okta provisioning",
  "mailType": "home",
  "mappings": []
}

Update Scim profile

Update an existing Scim profile

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The Scim profile to update

name
required
string

The name of the Scim profile

description
string or null

The description of the Scim profile

mailType
string or null
Default: "work"

The mail type selects which mail coming from the Scim provider must be synchronised in Horizon. By default, the mail type is "work".

mappings
Array of Scim mapping (object) or Scim mapping (object) or null

The mapping used to synchronize users and groups between the Scim provider and Horizon.

Responses

Request samples

Content type
application/json
{
  "name": "OktaScim",
  "description": "The Mapping for the Okta provisioning",
  "mailType": "home",
  "mappings": []
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "OktaScim",
  "description": "The Mapping for the Okta provisioning",
  "mailType": "home",
  "mappings": []
}

Retrieve a Scim profile

Retrieves an existing Scim profile based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: OktaScim

Scim profile name

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "OktaScim",
  "description": "The Mapping for the Okta provisioning",
  "mailType": "home",
  "mappings": []
}

Delete a Scim profile

Delete an existing Scim profile based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: OktaScim

Scim profile name

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Discovery Campaigns

A discovery campaign is an object that is required to perform any kind of discovery operation. It holds all the discovery metadata of the certificates that were discovered under a specific campaign.

List discovery campaign(s)

List all the existing discovery campaign(s)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {}
]

Create a new discovery campaign

Create a new discovery campaign in Horizon

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Discovery campaign to register

name
required
string

The name of the discovery campaign

description
string or null

The description of the discovery campaign

authorizationLevels
required
object

The authorization levels of the discovery campaign

eventOnSuccess
required
boolean

Whether to log a Horizon event in case of success

eventOnWarning
required
boolean

Whether to log a Horizon event in case of warning

eventOnFailure
required
boolean

Whether to log a Horizon event in case of failure

hosts
Array of strings or null

The hosts to be scanned by the discovery campaign

ports
Array of strings or null
Default: ["25","443","8443","689"]

The ports to be scanned by the discovery campaign

enabled
required
boolean

Whether the discovery campaign is enabled, i.e. whether it can be fed

gradingPolicies
Array of strings or null

The grading policies to apply to grade the discovered certificates on this campaign

Responses

Request samples

Content type
application/json
{
  "name": "DiscoveryDMZ01",
  "description": "Discovery campaign that scans the DMZ 01",
  "authorizationLevels": {},
  "eventOnSuccess": false,
  "eventOnWarning": false,
  "eventOnFailure": true,
  "hosts": [],
  "ports": [],
  "enabled": true,
  "gradingPolicies": []
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "DiscoveryDMZ01",
  "description": "Discovery campaign that scans the DMZ 01",
  "authorizationLevels": {},
  "eventOnSuccess": false,
  "eventOnWarning": false,
  "eventOnFailure": true,
  "hosts": [],
  "ports": [],
  "enabled": true,
  "gradingPolicies": []
}

Update a discovery campaign

Update an existing discovery campaign's information

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Discovery campaign to update

name
required
string

The name of the discovery campaign

description
string or null

The description of the discovery campaign

authorizationLevels
required
object

The authorization levels of the discovery campaign

eventOnSuccess
required
boolean

Whether to log a Horizon event in case of success

eventOnWarning
required
boolean

Whether to log a Horizon event in case of warning

eventOnFailure
required
boolean

Whether to log a Horizon event in case of failure

hosts
Array of strings or null

The hosts to be scanned by the discovery campaign

ports
Array of strings or null
Default: ["25","443","8443","689"]

The ports to be scanned by the discovery campaign

enabled
required
boolean

Whether the discovery campaign is enabled, i.e. whether it can be fed

gradingPolicies
Array of strings or null

The grading policies to apply to grade the discovered certificates on this campaign

Responses

Request samples

Content type
application/json
{
  "name": "DiscoveryDMZ01",
  "description": "Discovery campaign that scans the DMZ 01",
  "authorizationLevels": {},
  "eventOnSuccess": false,
  "eventOnWarning": false,
  "eventOnFailure": true,
  "hosts": [],
  "ports": [],
  "enabled": true,
  "gradingPolicies": []
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "DiscoveryDMZ01",
  "description": "Discovery campaign that scans the DMZ 01",
  "authorizationLevels": {},
  "eventOnSuccess": false,
  "eventOnWarning": false,
  "eventOnFailure": true,
  "hosts": [],
  "ports": [],
  "enabled": true,
  "gradingPolicies": []
}

Retrieve a discovery campaign

Retrieve a specific discovery campaign based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: Discovery-DMZ01

The name of the discovery campaign to retrieve

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "DiscoveryDMZ01",
  "description": "Discovery campaign that scans the DMZ 01",
  "authorizationLevels": {},
  "eventOnSuccess": false,
  "eventOnWarning": false,
  "eventOnFailure": true,
  "hosts": [],
  "ports": [],
  "enabled": true,
  "gradingPolicies": []
}

Delete a discovery campaign

Delete an existing discovery campaign based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: Discovery-DMZ01

The name of the discovery campaign to delete

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Flush a discovery campaign

Flush an existing discovery campaign based on its name. Flushing a discovery campaign will:

  • Remove discovery info related to the considered discovery campaign from any certificate (managed or discovered);
  • Delete any discovered certificate which is no longer associated to a discovery campaign.

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

The name of the discovery campaign to flush

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Discovery Feed

The discovery feed allows a discovery client (like Horizon CLI) to push certificates into Horizon along with discovery data, whether it is an unmanaged certificate that we want to be aware of or a managed one whose use we want to track.

Create a new discovery feed session

Creates a new discovery feed session, starts it and raises the appropriate discovery event. This call returns the discovery feed session ID.

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

The name of the discovery campaign to create a new feed session for

Responses

Response samples

Content type
application/json
{
  "id": "6448d56b310000400063f014",
  "campaign": "Discovery-DMZ01",
  "description": "Discovery feed session for DMZ01",
  "eventOnSuccess": false,
  "eventOnWarning": false,
  "eventOnFailure": true,
  "hosts": [],
  "ports": []
}

Feed a discovered certificate into a discovery campaign

Feed a discovered certificate into a discovery campaign

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The discovery feed

campaign
required
string

The name of the discovery campaign to feed into

sessionId
string or null

The ID of the previously opened discovery feed session

code
string or null
Enum: "NETSCAN" "IMPORTSCAN-UPDATE" "NETSCAN-UPDATE" "IMPORTSCAN-REGISTER" "LOCALIMPORT-REGISTER" "LOCALSCAN-UPDATE" "ACME-UPDATE" "WEBRA-UPDATE" "LOCALIMPORT" "WEBRA-REGISTER" "SESSION-START" "NETIMPORT-REGISTER" "ACME-REGISTER" "EST-REGISTER" "NETIMPORT-UPDATE" "SESSION-END" "WEBRA" "LOCALIMPORT-UPDATE" "EST" "IMPORTSCAN" "LOCALSCAN" "NETSCAN-REGISTER" "ACME" "NETIMPORT" "EST-UPDATE" "UNKNOWN" "LOCALSCAN-REGISTER"

The code of the event to raise in the discovery events

certificate
required
string

The PEM-encoded certificate to feed the discovery campaign with

hostDiscoveryData
required
object

The host discovery data to feed the discovery campaign with (discovery metadata)

metadata
Array of objects or null (Certificate Metadata)

The list of certificate metadata to feed the discovery campaign with

privateKey
string or null <PKCS#8 PEM encoded>

The PEM-encoded private key to feed the discovery campaign with

Responses

Request samples

Content type
application/json
{
  "campaign": "Discovery-DMZ01",
  "sessionId": "5f7b1b3b9b0b1d0001b9b0b1",
  "code": "NETSCAN-REGISTER",
  "certificate": "-----BEGIN CERTIFICATE-----...",
  "hostDiscoveryData": {},
  "metadata": [],
  "privateKey": "-----BEGIN PRIVATE KEY-----..."
}

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "DISC-FEED-002",
  "message": "Invalid Discovery Feed"
}

Push a new discovery event

Push a new discovery event for a specific discovery feed session on a discovery campaign

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The discovery event to push

code
required
string
Enum: "NETSCAN" "IMPORTSCAN-UPDATE" "NETSCAN-UPDATE" "IMPORTSCAN-REGISTER" "LOCALIMPORT-REGISTER" "LOCALSCAN-UPDATE" "ACME-UPDATE" "WEBRA-UPDATE" "LOCALIMPORT" "WEBRA-REGISTER" "SESSION-START" "NETIMPORT-REGISTER" "ACME-REGISTER" "EST-REGISTER" "NETIMPORT-UPDATE" "SESSION-END" "WEBRA" "LOCALIMPORT-UPDATE" "EST" "IMPORTSCAN" "LOCALSCAN" "NETSCAN-REGISTER" "ACME" "NETIMPORT" "EST-UPDATE" "UNKNOWN" "LOCALSCAN-REGISTER"

The code of the event to raise in the discovery events

campaign
required
string

The name of the discovery campaign concerned by the event

sessionId
string or null

The ID of the discovery feed session

status
required
string
Enum: "success" "warning" "failure"

The type of event to raise

errorCode
string or null

The error code of the event

errorMessage
string or null

The error message of the event

timestamp
integer or null <epoch>

When the event occurred (Unix timestamp in milliseconds)

removeAt
integer or null <epoch>
clientVersion
string or null

The version of the discovery client that raised the event

clientIp
string or null

The IP address of the machine the Horizon client is running on

clientId
string or null
actorId
string or null

The identifier of the principal that was used when the event was raised

certificateId
string or null

The ID of the certificate concerned by the event (in Horizon)

hostname
string or null

The hostname concerned by the event

ip
string or null

The IP address concerned by the event

port
integer or null <int32>

The TCP port concerned by the event

source
string or null

The type of discovery that raised the event

Responses

Request samples

Content type
application/json
{
  "code": "NETSCAN",
  "campaign": "Discovery-DMZ01",
  "sessionId": "63fce2e13000003c008797c4",
  "status": "failure",
  "errorCode": "DISC-FEED-002",
  "errorMessage": "Invalid Discovery Feed",
  "timestamp": 1600050000000,
  "removeAt": 0,
  "clientVersion": "Horizon Client/1.6",
  "clientIp": "127.0.0.1",
  "clientId": "28fd6b8ec75ce39029509c3e76ecd3c0bb160776df89a4a12f4a097862268721",
  "actorId": "horizon-client",
  "certificateId": "5f5f9b3b9b0b1d0311c3b0a2",
  "hostname": "horizon.evertrust.fr",
  "ip": "127.0.0.1",
  "port": 443,
  "source": "netscan"
}

Response samples

Content type
application/problem+json
Example
{
  "status": 400,
  "error": "DISC-FEED-004",
  "message": "Invalid Discovery Feed"
}
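
The two request bodies documented above ("Feed a discovered certificate" and "Push a new discovery event") can be checked on the client before they are sent. The following is an added example, not code from Horizon or Horizon CLI: it only builds the JSON bodies, because the endpoint paths are not shown in this section. The function names, the opt-in required before a `privateKey` is included, and the seconds-versus-milliseconds threshold are assumptions of the example.

```python
"""Added example: client-side checks for Horizon discovery feed and event bodies."""
import time

# Event codes copied from the "code" enum documented above.
EVENT_CODES = frozenset("""
NETSCAN IMPORTSCAN-UPDATE NETSCAN-UPDATE IMPORTSCAN-REGISTER LOCALIMPORT-REGISTER
LOCALSCAN-UPDATE ACME-UPDATE WEBRA-UPDATE LOCALIMPORT WEBRA-REGISTER SESSION-START
NETIMPORT-REGISTER ACME-REGISTER EST-REGISTER NETIMPORT-UPDATE SESSION-END WEBRA
LOCALIMPORT-UPDATE EST IMPORTSCAN LOCALSCAN NETSCAN-REGISTER ACME NETIMPORT
EST-UPDATE UNKNOWN LOCALSCAN-REGISTER
""".split())
EVENT_STATUSES = frozenset({"success", "warning", "failure"})
CERT_HEADER = "-----BEGIN CERTIFICATE-----"
PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----"  # PKCS#8 PEM, as in the request sample
MIN_EPOCH_MS = 10**11  # assumption: anything smaller is a timestamp in seconds


class PayloadError(ValueError):
    """The body would not match the documented schema or the local policy."""


def require_text(value, field):
    if not isinstance(value, str) or not value.strip():
        raise PayloadError(f"{field} is required and must be a non-empty string")
    return value


def check_code(code):
    if code not in EVENT_CODES:
        raise PayloadError(f"unknown discovery event code: {code!r}")
    return code


def is_int(value):
    # bool is a subclass of int in Python; it must not pass as a number here.
    return isinstance(value, int) and not isinstance(value, bool)


def build_event(code, campaign, status, *, session_id=None, timestamp_ms=None,
                hostname=None, ip=None, port=None, source=None,
                error_code=None, error_message=None):
    """Body for "Push a new discovery event"; optional fields left unset are omitted."""
    if status not in EVENT_STATUSES:
        raise PayloadError(f"status must be one of {sorted(EVENT_STATUSES)}")
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    if not is_int(timestamp_ms) or timestamp_ms < MIN_EPOCH_MS:
        raise PayloadError("timestamp must be a Unix timestamp in milliseconds")
    if port is not None and (not is_int(port) or not 1 <= port <= 65535):
        raise PayloadError("port must be a TCP port between 1 and 65535")
    event = {"code": check_code(code), "campaign": require_text(campaign, "campaign"),
             "status": status, "timestamp": timestamp_ms}
    optional = {"sessionId": session_id, "errorCode": error_code,
                "errorMessage": error_message, "hostname": hostname,
                "ip": ip, "port": port, "source": source}
    event.update({k: v for k, v in optional.items() if v is not None})
    return event


def build_feed(campaign, certificate_pem, host_discovery_data, *, session_id=None,
               code=None, metadata=None, private_key_pem=None, allow_private_key=False):
    """Body for "Feed a discovered certificate into a discovery campaign"."""
    cert = require_text(certificate_pem, "certificate").strip()
    if not cert.startswith(CERT_HEADER):
        raise PayloadError("certificate must be PEM-encoded")
    if not isinstance(host_discovery_data, dict):
        raise PayloadError("hostDiscoveryData is required and must be an object")
    feed = {"campaign": require_text(campaign, "campaign"), "certificate": cert,
            "hostDiscoveryData": host_discovery_data}
    if session_id is not None:
        feed["sessionId"] = session_id
    if code is not None:
        feed["code"] = check_code(code)
    if metadata is not None:
        feed["metadata"] = list(metadata)
    if private_key_pem is not None:
        # Local policy (assumption): key material is only sent on explicit opt-in.
        if not allow_private_key:
            raise PayloadError("privateKey supplied without allow_private_key=True")
        key = require_text(private_key_pem, "privateKey").strip()
        if not key.startswith(PKCS8_HEADER):
            raise PayloadError("privateKey must be PKCS#8 PEM-encoded")
        feed["privateKey"] = key
    return feed


def redact(body):
    """Copy of a body that is safe to log: the private key is masked."""
    return {k: ("<redacted>" if k == "privateKey" else v) for k, v in body.items()}


if __name__ == "__main__":
    # Values taken from the request sample on this page.
    print(build_event("NETSCAN", "Discovery-DMZ01", "failure",
                      session_id="63fce2e13000003c008797c4",
                      timestamp_ms=1600050000000, port=443, source="netscan"))
```

Log `redact(feed)` rather than the feed itself, so that a fed private key never reaches client-side logs.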

End a discovery session

Ends an active discovery session and raises the appropriate discovery event

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
campaign
required
string
Example: Discovery-DMZ01

The name of the discovery campaign where the session was started

id
required
string
Example: 63fce2e13000003c008797c4

The discovery session ID to end

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 400,
  "error": "SEC-AUTH-007",
  "message": "Invalid Identity Provider",
  "title": "Invalid Identity Provider",
  "detail": "Details about the error"
}

Certificate Authorities

CA API

List the existing certificate authorities

List the existing certificate authorities

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {}
]

Register a new certificate authority

Register a new certificate authority

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Certificate authority to register

certificate
required
string
name
required
string
subjectKeyIdentifier
string or null
responderUrl
string or null
crlUrl
string or null
refresh
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
trustedForClientAuthentication
required
boolean
trustedForServerAuthentication
required
boolean
outdatedRevocationStatusPolicy
required
string
Enum: "revoked" "unknown" "lastavailablestatus"
timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
proxy
string or null
cacheTimeToIdle
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
public
required
boolean
downloadable
boolean

Responses

Request samples

Content type
application/json
{
  "certificate": "string",
  "name": "string",
  "subjectKeyIdentifier": "string",
  "responderUrl": "string",
  "crlUrl": "string",
  "refresh": "string",
  "trustedForClientAuthentication": true,
  "trustedForServerAuthentication": true,
  "outdatedRevocationStatusPolicy": "revoked",
  "timeout": "string",
  "proxy": "string",
  "cacheTimeToIdle": "string",
  "public": true,
  "downloadable": true
}

Response samples

Content type
application/json
{
  "certificate": {},
  "name": "string",
  "subjectKeyIdentifier": "string",
  "responderUrl": "string",
  "crlUrl": "string",
  "refresh": "string",
  "trustedForClientAuthentication": true,
  "trustedForServerAuthentication": true,
  "outdatedRevocationStatusPolicy": "revoked",
  "timeout": "string",
  "proxy": "string",
  "cacheTimeToIdle": "string",
  "public": true,
  "downloadable": true
}

Update an existing certificate authority

Update an existing certificate authority

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Certificate authority to update

certificate
required
string
name
required
string
subjectKeyIdentifier
string or null
responderUrl
string or null
crlUrl
string or null
refresh
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
trustedForClientAuthentication
required
boolean
trustedForServerAuthentication
required
boolean
outdatedRevocationStatusPolicy
required
string
Enum: "revoked" "unknown" "lastavailablestatus"
timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
proxy
string or null
cacheTimeToIdle
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
public
required
boolean
downloadable
boolean

Responses

Request samples

Content type
application/json
{
  "certificate": "string",
  "name": "string",
  "subjectKeyIdentifier": "string",
  "responderUrl": "string",
  "crlUrl": "string",
  "refresh": "string",
  "trustedForClientAuthentication": true,
  "trustedForServerAuthentication": true,
  "outdatedRevocationStatusPolicy": "revoked",
  "timeout": "string",
  "proxy": "string",
  "cacheTimeToIdle": "string",
  "public": true,
  "downloadable": true
}

Response samples

Content type
application/json
{
  "certificate": {},
  "name": "string",
  "subjectKeyIdentifier": "string",
  "responderUrl": "string",
  "crlUrl": "string",
  "refresh": "string",
  "trustedForClientAuthentication": true,
  "trustedForServerAuthentication": true,
  "outdatedRevocationStatusPolicy": "revoked",
  "timeout": "string",
  "proxy": "string",
  "cacheTimeToIdle": "string",
  "public": true,
  "downloadable": true
}

Delete an existing certificate authority

Delete an existing certificate authority based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Retrieve an existing certificate authority

Retrieve an existing certificate authority based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "certificate": {},
  "name": "string",
  "subjectKeyIdentifier": "string",
  "responderUrl": "string",
  "crlUrl": "string",
  "refresh": "string",
  "trustedForClientAuthentication": true,
  "trustedForServerAuthentication": true,
  "outdatedRevocationStatusPolicy": "revoked",
  "timeout": "string",
  "proxy": "string",
  "cacheTimeToIdle": "string",
  "public": true,
  "downloadable": true
}

Trust Chains

Trust chain API

List the public trust chains

List the public trust chains

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {}
]

Retrieve the trust chain for a specific public Certificate Authority

Retrieve the trust chain for a specific public Certificate Authority based on the Certificate Authority name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "certificate": {},
  "subordinates": []
}

Cache CRL

Cache API

List the CRL cache info

List the CRL cache info

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {}
]

Retrieve the CRL cache info for a specific certificate authority

Retrieve the CRL cache info for a specific certificate authority based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
ca
required
string

Responses

Response samples

Content type
application/json
{
  "ca": "string",
  "number": 0,
  "issuerDn": "string",
  "thisUpdate": 0,
  "nextUpdate": 0,
  "lastRefresh": 0,
  "nextRefresh": 0,
  "size": 0,
  "error": "string"
}

PKI Queues

PKI - Queue API

List the existing pki queue(s)

List the existing pki queue(s)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {}
]

Register a new pki queue

Register a new pki queue

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The pki queue to register

name
required
string
description
string or null
throttleDuration
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
throttleParallelism
integer or null <int32>
clusterWide
required
boolean
size
required
integer <int32>

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "throttleDuration": "5 seconds",
  "throttleParallelism": 0,
  "clusterWide": true,
  "size": 0
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": "string",
  "throttleDuration": "5 seconds",
  "throttleParallelism": 0,
  "clusterWide": true,
  "size": 0
}

Update an existing pki queue

Update an existing pki queue

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The pki queue to update

name
required
string
description
string or null
throttleDuration
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
throttleParallelism
integer or null <int32>
clusterWide
required
boolean
size
required
integer <int32>

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "throttleDuration": "5 seconds",
  "throttleParallelism": 0,
  "clusterWide": true,
  "size": 0
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": "string",
  "throttleDuration": "5 seconds",
  "throttleParallelism": 0,
  "clusterWide": true,
  "size": 0
}

Delete an existing pki queue

Delete an existing pki queue based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "PKI-QUEUE-005",
  "message": "Referenced PKI Queue",
  "title": "Referenced PKI Queue",
  "detail": "Details about the error"
}

Retrieve an existing pki queue

Retrieve an existing pki queue based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": "string",
  "throttleDuration": "5 seconds",
  "throttleParallelism": 0,
  "clusterWide": true,
  "size": 0
}

PKI Connectors

PKI - Connector API

List the existing PKI connector(s)

List the existing PKI connector(s)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {}
]

Register a new PKI connector

Register a new PKI connector

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

PKI connector to register

One of
name
required
string
type
required
string
Value: "stream"
endPoint
required
string

Stream's base endpoint

template
required
string

Stream's certificate template to use for enrollment

ca
required
string

Stream's technical name of the CA on which to enroll

loginCredentials
string or null

Name of the password credentials to use to authenticate on the PKI

authenticationCredentials
string or null

Name of the certificate credentials to use to authenticate on the PKI

timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
proxy
string or null
queue
string or null

Responses

Request samples

Content type
application/json
Example
{
  "name": "string",
  "type": "stream",
  "endPoint": "string",
  "template": "string",
  "ca": "string",
  "loginCredentials": "myPasswordCredentials",
  "authenticationCredentials": "myCertificateCredentials",
  "timeout": "5 seconds",
  "proxy": "string",
  "queue": "string"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "type": "stream",
  "endPoint": "string",
  "template": "string",
  "ca": "string",
  "loginCredentials": "myPasswordCredentials",
  "authenticationCredentials": "myCertificateCredentials",
  "timeout": "5 seconds",
  "proxy": "string",
  "queue": "string",
  "status": {}
}

Update an existing PKI connector

Update an existing PKI connector

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

PKI connector to update

One of
name
required
string
type
required
string
Value: "stream"
endPoint
required
string

Stream's base endpoint

template
required
string

Stream's certificate template to use for enrollment

ca
required
string

Stream's technical name of the CA on which to enroll

loginCredentials
string or null

Name of the password credentials to use to authenticate on the PKI

authenticationCredentials
string or null

Name of the certificate credentials to use to authenticate on the PKI

timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
proxy
string or null
queue
string or null

Responses

Request samples

Content type
application/json
Example
{
  "name": "string",
  "type": "stream",
  "endPoint": "string",
  "template": "string",
  "ca": "string",
  "loginCredentials": "myPasswordCredentials",
  "authenticationCredentials": "myCertificateCredentials",
  "timeout": "5 seconds",
  "proxy": "string",
  "queue": "string"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "type": "stream",
  "endPoint": "string",
  "template": "string",
  "ca": "string",
  "loginCredentials": "myPasswordCredentials",
  "authenticationCredentials": "myCertificateCredentials",
  "timeout": "5 seconds",
  "proxy": "string",
  "queue": "string",
  "status": {}
}

Retrieve an existing PKI connector

Retrieve an existing PKI connector based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "type": "stream",
  "endPoint": "string",
  "template": "string",
  "ca": "string",
  "loginCredentials": "myPasswordCredentials",
  "authenticationCredentials": "myCertificateCredentials",
  "timeout": "5 seconds",
  "proxy": "string",
  "queue": "string",
  "status": {}
}

Delete an existing PKI connector

Delete an existing PKI connector based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "PKI-CONNECTOR-005",
  "message": "Referenced PKI Connector",
  "title": "Referenced PKI Connector",
  "detail": "Details about the error"
}

Credentials

Credentials group all third-party authentication secrets for secure and easy management.

List credentials

Retrieves a list of all existing credentials

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {}
]

Create new credentials

Create new credentials in Horizon

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required
One of
type
required
string
Value: "x509"

The type of these credentials

required
object (Certificate And Key Storage)

The certificate of these credentials

name
required
string

The identifying name of these credentials

description
string or null

The description of these credentials

expires
integer or null <epoch>

The expiration date of these credentials

object

Triggers to run for these credentials

targets
Array of strings
Items Enum: "pkiconnector" "scepra" "oidc" "thirdparty" "mdm" "exchange" "rest" "datasource" "proxy"

On which configuration the credentials are usable

Responses

Request samples

Content type
application/json
Example
{
  "type": "certificate",
  "store": {},
  "name": "My credentials",
  "description": "To authenticate on Stream",
  "expires": 1683021380000,
  "triggers": {},
  "targets": []
}

Response samples

Content type
application/json
Example
{
  "expires": 1683021380000,
  "type": "certificate",
  "store": {},
  "name": "My credentials",
  "description": "To authenticate on Stream",
  "triggers": {},
  "targets": []
}

Update credentials

Update existing credentials

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The credentials to update

One of
type
required
string
Value: "x509"

The type of these credentials

required
object (Certificate And Key Storage)

The certificate of these credentials

name
required
string

The identifying name of these credentials

description
string or null

The description of these credentials

expires
integer or null <epoch>

The expiration date of these credentials

object

Triggers to run for these credentials

targets
Array of strings
Items Enum: "pkiconnector" "scepra" "oidc" "thirdparty" "mdm" "exchange" "rest" "datasource" "proxy"

On which configuration the credentials are usable

Responses

Request samples

Content type
application/json
Example
{
  "type": "certificate",
  "store": {},
  "name": "My credentials",
  "description": "To authenticate on Stream",
  "expires": 1683021380000,
  "triggers": {},
  "targets": []
}

Response samples

Content type
application/json
Example
{
  "expires": 1683021380000,
  "type": "certificate",
  "store": {},
  "name": "My credentials",
  "description": "To authenticate on Stream",
  "triggers": {},
  "targets": []
}

Retrieve credentials

Retrieves existing credentials based on their name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: SuperAdmin

Credentials name

Responses

Response samples

Content type
application/json
Example
{
  "expires": 1683021380000,
  "type": "certificate",
  "store": {},
  "name": "My credentials",
  "description": "To authenticate on Stream",
  "triggers": {},
  "targets": []
}

Delete credentials

Delete existing credentials based on their name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string
Example: SuperAdmins

Credentials name

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "CREDENTIALS-005",
  "message": "Referenced Credentials",
  "title": "Referenced Credentials",
  "detail": "Details about the error"
}

Triggers

Triggers are actions executed on an event.

Triggers and notifications

These actions fall into two categories:

  • third party synchronization
  • notifications

While being very different on the functional side, these two categories follow the same behavior and are both configured using this API.

List the existing trigger(s)

List the existing trigger(s) with the capability to filter on type and/or module.

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
types
Array of strings
Items Enum: "akv" "aws" "email" "f5client" "intunepkcs" "ldappub" "gcm"
module
string or null
Enum: "acme" "est" "aws" "f5client" "intune" "jamf" "scep" "wcce" "webra" "intunepkcs"

Responses

Response samples

Content type
application/json
[
  {
  }
]

Register a new trigger

Register a new trigger

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The trigger to register

One of
type
required
string
Value: "email"

The type of notification

required
object (Email template)

Where and what to send in the email

ifPkcs12
boolean or null

On events triggering an enrollment, select if mail is sent:

  • Always: set the value to null
  • Only when a PKCS#12 is available in the request: set the value to true
  • Only when a PKCS#12 is not in the request: set the value to false
attachPemCertificate
boolean or null

Attach the certificate in PEM format if available

attachPemBundle
boolean or null

Attach the certificate and its trust chain (bundle) in PEM format if available

attachDerCertificate
boolean or null

Attach the certificate in DER format if available

attachPkcs7
boolean or null

Attach the certificate in PKCS7 format if available

attachPkcs7Bundle
boolean or null

Attach the certificate and its trust chain (bundle) in PKCS7 format if available

attachPkcs12
boolean or null

Attach the certificate in PKCS#12 format if available

name
required
string

Name of the notification

retries
integer or null

Number of retries when the notification fails

runPeriod
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...

Time period at which the notification needs to run. Can only be defined on expiration and pending events.

licenseUsagePercent
integer or null

License usage at which the notification needs to run (between 0 and 100). Must be defined on on_license_usage event and must NOT be defined otherwise.

events
required
Array of strings
Items Enum: "on_enroll" "on_submit_enroll" "on_approve_enroll" "on_deny_enroll" "on_cancel_enroll" "on_pending_enroll" "on_renew" "on_submit_renew" "on_approve_renew" "on_deny_renew" "on_cancel_renew" "on_pending_renew" "on_update" "on_submit_update" "on_approve_update" "on_deny_update" "on_cancel_update" "on_pending_update" "on_migrate" "on_submit_migrate" "on_approve_migrate" "on_deny_migrate" "on_cancel_migrate" "on_pending_migrate" "on_recover" "on_submit_recover" "on_approve_recover" "on_deny_recover" "on_cancel_recover" "on_pending_recover" "on_revoke" "on_submit_revoke" "on_approve_revoke" "on_deny_revoke" "on_cancel_revoke" "on_pending_revoke" "on_import" "on_submit_import" "on_approve_import" "on_deny_import" "on_cancel_import" "on_pending_import" "on_expire" "on_credentials_expiration" "on_license_expiration" "on_license_usage" "on_test" "on_trigger_error"

Event on which the notification runs. This MUST contain only one value.

runOnRenewed
boolean or null

Must be defined on on_expire event and must NOT be defined otherwise. If true, the notification runs even if the certificate was renewed.

Responses

Request samples

Content type
application/json
Example
{
  "type": "email",
  "emailTemplate": {
  },
  "ifPkcs12": true,
  "attachPemCertificate": true,
  "attachPemBundle": true,
  "attachDerCertificate": true,
  "attachPkcs7": true,
  "attachPkcs7Bundle": true,
  "attachPkcs12": true,
  "name": "NOTIFICATION_ENROLL",
  "retries": 10,
  "runPeriod": "5 days",
  "licenseUsagePercent": 50,
  "events": [
  ],
  "runOnRenewed": null
}

Response samples

Content type
application/json
Example
{
  "type": "email",
  "emailTemplate": {
  },
  "ifPkcs12": true,
  "attachPemCertificate": true,
  "attachPemBundle": true,
  "attachDerCertificate": true,
  "attachPkcs7": true,
  "attachPkcs7Bundle": true,
  "attachPkcs12": true,
  "name": "NOTIFICATION_ENROLL",
  "retries": 10,
  "runPeriod": "5 days",
  "licenseUsagePercent": 50,
  "events": [
  ],
  "runOnRenewed": null
}
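
The trigger schema above states several cross-field rules (exactly one event, licenseUsagePercent only on on_license_usage, runOnRenewed only on on_expire, runPeriod only on expiration and pending events) that can be checked client-side before a payload is sent. The Python validator below is an added example, not code from Horizon or Evertrust. Its function and constant names are hypothetical, a null value is assumed to mean "not defined", and "expiration and pending events" is assumed to mean on_expire, the *_expiration events and the on_pending_* events.

```python
import re

# Event names rebuilt from the "events" enum on this page: seven operations,
# each in a plain form and five workflow forms, plus six standalone events.
_OPS = ("enroll", "renew", "update", "migrate", "recover", "revoke", "import")
_STAGES = ("", "submit_", "approve_", "deny_", "cancel_", "pending_")
EVENTS = {f"on_{stage}{op}" for op in _OPS for stage in _STAGES} | {
    "on_expire", "on_credentials_expiration", "on_license_expiration",
    "on_license_usage", "on_test", "on_trigger_error",
}

# The page truncates the runPeriod pattern after "sec...", so only its visible
# shape (digits, optional spaces, a unit word) is checked, not the unit list.
_DURATION_SHAPE = re.compile(r"^[0-9]+ *[a-z]+$")


def _allows_run_period(event):
    # Assumption: "expiration and pending events" means these event names.
    return (event == "on_expire" or event.endswith("_expiration")
            or event.startswith("on_pending_"))


def _is_int(value):
    # bool is a subclass of int in Python; JSON true/false is not an integer.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_email_trigger(payload):
    """Return the list of rule violations; an empty list means none found."""
    errors = []
    if payload.get("type") != "email":
        errors.append('type: must be "email"')
    name = payload.get("name")
    if not isinstance(name, str) or not name:
        errors.append("name: required string")
    if not isinstance(payload.get("emailTemplate"), dict):
        errors.append("emailTemplate: required object")
    retries = payload.get("retries")
    if retries is not None and not _is_int(retries):
        errors.append("retries: integer or null")

    events = payload.get("events")
    if not isinstance(events, list) or len(events) != 1:
        errors.append("events: must contain exactly one value")
        return errors  # the remaining rules depend on the single event
    event = events[0]
    if not isinstance(event, str) or event not in EVENTS:
        errors.append(f"events: unknown event {event!r}")
        return errors

    # licenseUsagePercent: mandatory on on_license_usage, forbidden elsewhere.
    pct = payload.get("licenseUsagePercent")
    if event == "on_license_usage":
        if not _is_int(pct) or not 0 <= pct <= 100:
            errors.append("licenseUsagePercent: required on on_license_usage, 0 to 100")
    elif pct is not None:
        errors.append(f"licenseUsagePercent: must not be defined on {event}")

    # runOnRenewed: mandatory on on_expire, forbidden elsewhere.
    run_on_renewed = payload.get("runOnRenewed")
    if event == "on_expire":
        if not isinstance(run_on_renewed, bool):
            errors.append("runOnRenewed: required boolean on on_expire")
    elif run_on_renewed is not None:
        errors.append(f"runOnRenewed: must not be defined on {event}")

    # runPeriod: optional, but only on expiration and pending events.
    period = payload.get("runPeriod")
    if period is not None:
        if not _allows_run_period(event):
            errors.append(f"runPeriod: not allowed on {event}")
        elif not isinstance(period, str) or not _DURATION_SHAPE.match(period):
            errors.append("runPeriod: expected '<number> <unit>'")
    return errors


# Constructed payload with the scalar values of the page's request sample; the
# event and the empty emailTemplate are constructed, since the page collapses both.
SAMPLE_LIKE_PAGE = {
    "type": "email", "emailTemplate": {}, "ifPkcs12": True,
    "name": "NOTIFICATION_ENROLL", "retries": 10, "runPeriod": "5 days",
    "licenseUsagePercent": 50, "events": ["on_enroll"], "runOnRenewed": None,
}

# Constructed payload that satisfies the rules for an expiration notification.
SAMPLE_EXPIRE = {
    "type": "email", "emailTemplate": {}, "name": "NOTIFICATION_EXPIRE",
    "retries": 10, "runPeriod": "5 days", "events": ["on_expire"],
    "runOnRenewed": False,
}

if __name__ == "__main__":
    for sample in (SAMPLE_LIKE_PAGE, SAMPLE_EXPIRE):
        print(sample["name"], validate_email_trigger(sample))
```

With the constructed on_enroll event, the values shown in the request sample fail two of the stated rules (licenseUsagePercent and runPeriod), which is the kind of mismatch worth catching before the API rejects the call.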

Update an existing trigger

Update an existing trigger

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Trigger to update

One of
type
required
string
Value: "email"

The type of notification

required
object (Email template)

Where and what to send in the email

ifPkcs12
boolean or null

On events triggering an enrollment, select if mail is sent:

  • Always: set the value to null
  • Only when a PKCS#12 is available in the request: set the value to true
  • Only when a PKCS#12 is not in the request: set the value to false
attachPemCertificate
boolean or null

Attach the certificate in PEM format if available

attachPemBundle
boolean or null

Attach the certificate and its trust chain (bundle) in PEM format if available

attachDerCertificate
boolean or null

Attach the certificate in DER format if available

attachPkcs7
boolean or null

Attach the certificate in PKCS7 format if available

attachPkcs7Bundle
boolean or null

Attach the certificate and its trust chain (bundle) in PKCS7 format if available

attachPkcs12
boolean or null

Attach the certificate in PKCS#12 format if available

name
required
string

Name of the notification

retries
integer or null

Number of retries when the notification fails

runPeriod
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...

Time period at which the notification needs to run. Can only be defined on expiration and pending events.

licenseUsagePercent
integer or null

License usage at which the notification needs to run (between 0 and 100). Must be defined on on_license_usage event and must NOT be defined otherwise.

events
required
Array of strings
Items Enum: "on_enroll" "on_submit_enroll" "on_approve_enroll" "on_deny_enroll" "on_cancel_enroll" "on_pending_enroll" "on_renew" "on_submit_renew" "on_approve_renew" "on_deny_renew" "on_cancel_renew" "on_pending_renew" "on_update" "on_submit_update" "on_approve_update" "on_deny_update" "on_cancel_update" "on_pending_update" "on_migrate" "on_submit_migrate" "on_approve_migrate" "on_deny_migrate" "on_cancel_migrate" "on_pending_migrate" "on_recover" "on_submit_recover" "on_approve_recover" "on_deny_recover" "on_cancel_recover" "on_pending_recover" "on_revoke" "on_submit_revoke" "on_approve_revoke" "on_deny_revoke" "on_cancel_revoke" "on_pending_revoke" "on_import" "on_submit_import" "on_approve_import" "on_deny_import" "on_cancel_import" "on_pending_import" "on_expire" "on_credentials_expiration" "on_license_expiration" "on_license_usage" "on_test" "on_trigger_error"

Event on which the notification runs. This MUST contain only one value.

runOnRenewed
boolean or null

Must be defined on on_expire event and must NOT be defined otherwise. If true, the notification runs even if the certificate was renewed.

Responses

Request samples

Content type
application/json
Example
{
  "type": "email",
  "emailTemplate": {
  },
  "ifPkcs12": true,
  "attachPemCertificate": true,
  "attachPemBundle": true,
  "attachDerCertificate": true,
  "attachPkcs7": true,
  "attachPkcs7Bundle": true,
  "attachPkcs12": true,
  "name": "NOTIFICATION_ENROLL",
  "retries": 10,
  "runPeriod": "5 days",
  "licenseUsagePercent": 50,
  "events": [
  ],
  "runOnRenewed": null
}

Response samples

Content type
application/json
Example
{
  "type": "email",
  "emailTemplate": {
  },
  "ifPkcs12": true,
  "attachPemCertificate": true,
  "attachPemBundle": true,
  "attachDerCertificate": true,
  "attachPkcs7": true,
  "attachPkcs7Bundle": true,
  "attachPkcs12": true,
  "name": "NOTIFICATION_ENROLL",
  "retries": 10,
  "runPeriod": "5 days",
  "licenseUsagePercent": 50,
  "events": [
  ],
  "runOnRenewed": null
}

Test a trigger

Test an existing trigger

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Trigger to test and its dictionary

required
Email Notification (object) or Webhook Notification (Groupware) (object) or REST notification (object)

The trigger to test

Array of objects or null (Map entry)

Dictionary that will be interpreted by the trigger

Responses

Request samples

Content type
application/json
{
  "trigger": {
  },
  "dictionary": [
  ]
}

Response samples

Content type
application/json
Example
{
  "status": "success",
  "message": "Email successfully sent to test@evertrust.io"
}

Retrieve an existing trigger

Retrieve an existing trigger based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
Example
{
  "type": "email",
  "emailTemplate": {
  },
  "ifPkcs12": true,
  "attachPemCertificate": true,
  "attachPemBundle": true,
  "attachDerCertificate": true,
  "attachPkcs7": true,
  "attachPkcs7Bundle": true,
  "attachPkcs12": true,
  "name": "NOTIFICATION_ENROLL",
  "retries": 10,
  "runPeriod": "5 days",
  "licenseUsagePercent": 50,
  "events": [
  ],
  "runOnRenewed": null
}

Delete an existing trigger

Delete an existing trigger based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "TRIG-005",
  "message": "Referenced Trigger",
  "title": "Referenced Trigger",
  "detail": "Details about the error"
}

Scheduled Tasks

Scheduled tasks allow operations to be run on a recurring schedule using CRON expressions. Lifecycle or reporting scheduled tasks can be created.

List the existing scheduled task(s)

List the existing scheduled task(s)

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
scheduledTaskType
string or null

Responses

Response samples

Content type
application/json
[
  {
  }
]

Register a new scheduled task

Register a new scheduled task

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Scheduled task to register

One of
type
required
string
Value: "report"
cron
required
string <Quartz Cron>
host
string or null
status
string or null
Enum: "warning" "failure" "success" "running"
lastExecutionDate
integer or null <epoch>
lastCompletionDate
integer or null <epoch>
detail
string or null
executionId
string or null
enabled
required
boolean
name
required
string
fileName
string or null
required
Array of objects (ReportRecipient)
from
required
string
title
required
string
body
string or null
isHtml
required
boolean
compressCsv
boolean

Whether the report should be compressed using GZ. Compression divides the size of the CSV by two.

hqlType
required
string
Enum: "heql" "hcql" "hrql" "hpql" "hdql"
hqlQuery
string or null
hqlFields
Array of strings or null
Array of objects or null (SortElement)
description
string or null

Responses

Request samples

Content type
application/json
Example
{
  "type": "report",
  "cron": "string",
  "host": "string",
  "status": "warning",
  "lastExecutionDate": 0,
  "lastCompletionDate": 0,
  "detail": "string",
  "executionId": "string",
  "enabled": true,
  "name": "string",
  "fileName": "string",
  "recipients": [
  ],
  "from": "string",
  "title": "string",
  "body": "string",
  "isHtml": true,
  "compressCsv": true,
  "hqlType": "heql",
  "hqlQuery": "string",
  "hqlFields": [
  ],
  "hqlSortedBy": [
  ],
  "description": "string"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "report",
  "cron": "string",
  "host": "string",
  "status": "warning",
  "lastExecutionDate": 0,
  "lastCompletionDate": 0,
  "detail": "string",
  "executionId": "string",
  "enabled": true,
  "name": "string",
  "fileName": "string",
  "recipients": [
  ],
  "from": "string",
  "title": "string",
  "body": "string",
  "isHtml": true,
  "compressCsv": true,
  "hqlType": "heql",
  "hqlQuery": "string",
  "hqlFields": [
  ],
  "hqlSortedBy": [
  ],
  "description": "string"
}

Update an existing scheduled task

Update an existing scheduled task

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Scheduled task to update

One of
type
required
string
Value: "thirdparty"
cron
required
string <Quartz Cron>
host
string or null
status
string or null
Enum: "warning" "failure" "success" "running"
lastExecutionDate
integer or null <epoch>
lastCompletionDate
integer or null <epoch>
detail
string or null
dryRun
required
boolean
executionId
string or null
enabled
required
boolean
module
required
string
profile
required
string
connector
required
string
enroll
required
boolean
revoke
required
boolean
renew
required
boolean
object or null
description
string or null

Responses

Request samples

Content type
application/json
Example
{
  "type": "thirdparty",
  "cron": "string",
  "host": "string",
  "status": "warning",
  "lastExecutionDate": 0,
  "lastCompletionDate": 0,
  "detail": "string",
  "dryRun": true,
  "executionId": "string",
  "enabled": true,
  "module": "string",
  "profile": "string",
  "connector": "string",
  "enroll": true,
  "revoke": true,
  "renew": true,
  "results": {
  },
  "description": "string"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "thirdparty",
  "cron": "string",
  "host": "string",
  "status": "warning",
  "lastExecutionDate": 0,
  "lastCompletionDate": 0,
  "detail": "string",
  "dryRun": true,
  "executionId": "string",
  "enabled": true,
  "module": "string",
  "profile": "string",
  "connector": "string",
  "enroll": true,
  "revoke": true,
  "renew": true,
  "results": {
  },
  "description": "string"
}

Run an existing scheduled task

Run an existing scheduled task based on its id

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "SCHED-TASK-002",
  "message": "Invalid Scheduled Task",
  "title": "Invalid Scheduled Task",
  "detail": "Details about the error"
}

Retrieve an existing scheduled task

Retrieve an existing scheduled task based on its id

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string

Responses

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "report",
  "cron": "string",
  "host": "string",
  "status": "warning",
  "lastExecutionDate": 0,
  "lastCompletionDate": 0,
  "detail": "string",
  "executionId": "string",
  "enabled": true,
  "name": "string",
  "fileName": "string",
  "recipients": [
  ],
  "from": "string",
  "title": "string",
  "body": "string",
  "isHtml": true,
  "compressCsv": true,
  "hqlType": "heql",
  "hqlQuery": "string",
  "hqlFields": [
  ],
  "hqlSortedBy": [
  ],
  "description": "string"
}

Delete an existing scheduled task

Delete an existing scheduled task based on its id

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Automation execution

Automation execution API

List the existing execution policies

List the existing execution policies

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {
  }
]

Register a new execution policy

Register a new execution policy

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Execution policy to register

name
required
string
description
string or null
Array of objects or null (ExecutionPeriod)
Array of objects or null (ExecutionPeriod)

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "authorizedPeriods": [
  ],
  "forbiddenPeriods": [
  ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": "string",
  "authorizedPeriods": [
  ],
  "forbiddenPeriods": [
  ]
}

Update an existing execution policy

Update an existing execution policy

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Execution policy to update

name
required
string
description
string or null
Array of objects or null (ExecutionPeriod)
Array of objects or null (ExecutionPeriod)

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "authorizedPeriods": [
  ],
  "forbiddenPeriods": [
  ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": "string",
  "authorizedPeriods": [
  ],
  "forbiddenPeriods": [
  ]
}

Delete an existing execution policy

Delete an existing execution policy based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Retrieve an existing execution policy

Retrieve an existing execution policy based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": "string",
  "authorizedPeriods": [
  ],
  "forbiddenPeriods": [
  ]
}

Automation policy

Automation policy API

List the existing automation policies

List the existing automation policies

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  {
  }
]

Register a new automation policy

Register a new automation policy

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Automation policy to register

name
required
string
executionPolicy
string or null
object or null
trustChains
Array of strings or null
profile
required
string

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "executionPolicy": "string",
  "compliancePolicy": {
  },
  "trustChains": [
  ],
  "profile": "string"
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "executionPolicy": "string",
  "compliancePolicy": {
  },
  "trustChains": [
  ],
  "profile": "string"
}

Update an existing automation policy

Update an existing automation policy

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Automation policy to update

name
required
string
executionPolicy
string or null
object or null
trustChains
Array of strings or null
profile
required
string

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "executionPolicy": "string",
  "compliancePolicy": {
  },
  "trustChains": [
  ],
  "profile": "string"
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "executionPolicy": "string",
  "compliancePolicy": {
  },
  "trustChains": [
  ],
  "profile": "string"
}

Delete an existing automation policy

Delete an existing automation policy based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Retrieve an existing automation policy

Retrieve an existing automation policy based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "executionPolicy": "string",
  "compliancePolicy": {
  },
  "trustChains": [
  ],
  "profile": "string"
}

Certificate Profiles

Certificate Profile API

List the existing certificate profiles

List the existing certificate profiles with the capability to filter on a list of module(s)

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
modules
required
Array of strings

Responses

Response samples

Content type
application/json
[
  {
  }
]

Register a new certificate profile

Register a new certificate profile

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Certificate profile to register

One of
module
required
string
Value: "acme"
name
required
string
Array of objects or null (LocalizedString)
Array of objects or null (LocalizedString)
enabled
required
boolean
timeout
required
string <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
object or null
object or null
authorizationMethods
Array of strings or null
pkiConnector
required
string
http01Port
integer or null <int32>
tlsAlpn01Port
integer or null <int32>
authorizeShortName
required
boolean
authorizeEmptyContact
required
boolean
defaultContacts
Array of strings or null
verifyRetryCount
required
integer <int32>
verifyRetryDelay
required
string <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
requireTermsOfService
required
boolean
renewalPeriod
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
object or null
object or null
maxDnsName
integer or null <int32>
proxy
string or null
required
object
object or null
required
object
required
object
object or null
required
object (Certificate profile crypto policy)
gradingPolicies
Array of strings or null
Array of objects or null (Datasource Flow)

Representation of a datasource execution flow

Responses

Request samples

Content type
application/json
Example
{
  "module": "acme",
  "name": "string",
  "displayName": [
  ],
  "description": [
  ],
  "enabled": true,
  "timeout": "5 seconds",
  "meta": {
  },
  "constraints": {
  },
  "authorizationMethods": [
  ],
  "pkiConnector": "string",
  "http01Port": 0,
  "tlsAlpn01Port": 0,
  "authorizeShortName": true,
  "authorizeEmptyContact": true,
  "defaultContacts": [
  ],
  "verifyRetryCount": 0,
  "verifyRetryDelay": "5 seconds",
  "requireTermsOfService": true,
  "renewalPeriod": "5 seconds",
  "csrDataMapping": {
  },
  "maxCertificatePerHolderPolicy": {
  },
  "maxDnsName": 0,
  "proxy": "string",
  "authorizationLevels": {
  },
  "triggers": {
  },
  "requestsPolicy": {
  },
  "selfPermissions": {
  },
  "certificateTemplate": {
  },
  "cryptoPolicy": {
  },
  "gradingPolicies": [
  ],
  "dsFlow": [
  ]
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "module": "acme",
  "name": "string",
  "displayName": [
  ],
  "description": [
  ],
  "enabled": true,
  "timeout": "5 seconds",
  "meta": {
  },
  "constraints": {
  },
  "authorizationMethods": [
  ],
  "pkiConnector": "string",
  "http01Port": 0,
  "tlsAlpn01Port": 0,
  "authorizeShortName": true,
  "authorizeEmptyContact": true,
  "defaultContacts": [
  ],
  "verifyRetryCount": 0,
  "verifyRetryDelay": "5 seconds",
  "requireTermsOfService": true,
  "renewalPeriod": "5 seconds",
  "csrDataMapping": {
  },
  "maxCertificatePerHolderPolicy": {
  },
  "maxDnsName": 0,
  "proxy": "string",
  "authorizationLevels": {
  },
  "triggers": {
  },
  "requestsPolicy": {
  },
  "selfPermissions": {
  },
  "certificateTemplate": {
  },
  "cryptoPolicy": {
  },
  "gradingPolicies": [
  ],
  "dsFlow": [
  ]
}

Update an existing certificate profile

Update an existing certificate profile

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Certificate profile to update

One of
module
required
string
Value: "acme"
name
required
string
Array of objects or null (LocalizedString)
Array of objects or null (LocalizedString)
enabled
required
boolean
timeout
required
string <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
object or null
object or null
authorizationMethods
Array of strings or null
pkiConnector
required
string
http01Port
integer or null <int32>
tlsAlpn01Port
integer or null <int32>
authorizeShortName
required
boolean
authorizeEmptyContact
required
boolean
defaultContacts
Array of strings or null
verifyRetryCount
required
integer <int32>
verifyRetryDelay
required
string <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
requireTermsOfService
required
boolean
renewalPeriod
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
object or null
object or null
maxDnsName
integer or null <int32>
proxy
string or null
required
object
object or null
required
object
required
object
object or null
required
object (Certificate profile crypto policy)
gradingPolicies
Array of strings or null
Array of objects or null (Datasource Flow)

Representation of a datasource execution flow

Responses

Request samples

Content type
application/json
Example
{
  "module": "acme",
  "name": "string",
  "displayName": [
  ],
  "description": [
  ],
  "enabled": true,
  "timeout": "5 seconds",
  "meta": {
  },
  "constraints": {
  },
  "authorizationMethods": [
  ],
  "pkiConnector": "string",
  "http01Port": 0,
  "tlsAlpn01Port": 0,
  "authorizeShortName": true,
  "authorizeEmptyContact": true,
  "defaultContacts": [
  ],
  "verifyRetryCount": 0,
  "verifyRetryDelay": "5 seconds",
  "requireTermsOfService": true,
  "renewalPeriod": "5 seconds",
  "csrDataMapping": {
  },
  "maxCertificatePerHolderPolicy": {
  },
  "maxDnsName": 0,
  "proxy": "string",
  "authorizationLevels": {
  },
  "triggers": {
  },
  "requestsPolicy": {
  },
  "selfPermissions": {
  },
  "certificateTemplate": {
  },
  "cryptoPolicy": {
  },
  "gradingPolicies": [
  ],
  "dsFlow": [
  ]
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "module": "acme",
  "name": "string",
  "displayName": [
  ],
  "description": [
  ],
  "enabled": true,
  "timeout": "5 seconds",
  "meta": {
  },
  "constraints": {
  },
  "authorizationMethods": [
  ],
  "pkiConnector": "string",
  "http01Port": 0,
  "tlsAlpn01Port": 0,
  "authorizeShortName": true,
  "authorizeEmptyContact": true,
  "defaultContacts": [
  ],
  "verifyRetryCount": 0,
  "verifyRetryDelay": "5 seconds",
  "requireTermsOfService": true,
  "renewalPeriod": "5 seconds",
  "csrDataMapping": {
  },
  "maxCertificatePerHolderPolicy": {
  },
  "maxDnsName": 0,
  "proxy": "string",
  "authorizationLevels": {
  },
  "triggers": {
  },
  "requestsPolicy": {
  },
  "selfPermissions": {
  },
  "certificateTemplate": {
  },
  "cryptoPolicy": {
  },
  "gradingPolicies": [
  ],
  "dsFlow": [
  ]
}

Retrieve a specific certificate profile

Retrieve a specific certificate profile based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "module": "acme",
  "name": "string",
  "displayName": [
  ],
  "description": [
  ],
  "enabled": true,
  "timeout": "5 seconds",
  "meta": {
  },
  "constraints": {
  },
  "authorizationMethods": [
  ],
  "pkiConnector": "string",
  "http01Port": 0,
  "tlsAlpn01Port": 0,
  "authorizeShortName": true,
  "authorizeEmptyContact": true,
  "defaultContacts": [
  ],
  "verifyRetryCount": 0,
  "verifyRetryDelay": "5 seconds",
  "requireTermsOfService": true,
  "renewalPeriod": "5 seconds",
  "csrDataMapping": {
  },
  "maxCertificatePerHolderPolicy": {
  },
  "maxDnsName": 0,
  "proxy": "string",
  "authorizationLevels": {
  },
  "triggers": {
  },
  "requestsPolicy": {
  },
  "selfPermissions": {
  },
  "certificateTemplate": {
  },
  "cryptoPolicy": {
  },
  "gradingPolicies": [
  ],
  "dsFlow": [
  ]
}

Delete a certificate profile

Delete a certificate profile based on its name. This also deletes any role or principal permission associated with this profile.

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Third Party Connectors

Third Party Connector API

List the existing third party connector(s)

List the existing third party connector(s). The list can be filtered with type and/or module.

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
type
string or null
Enum: "akv" "aws" "intune" "f5client" "jamf" "msad" "intunepkcs" "ldappub" "gcm"
module
string or null
Enum: "acme" "est" "aws" "f5client" "intune" "jamf" "scep" "wcce" "webra" "intunepkcs"

Responses

Response samples

Content type
application/json
[
  {
  }
]

Register a new third party connector

Register a new third party connector

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Third party connector to register

One of
type
required
string
Value: "aws"
name
required
string
throttleDuration
required
string <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
renewalPeriod
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
proxy
string or null
region
required
string
credentials
string or null

Name of the password credentials containing Access Key Id and Secret Access Key. If not defined, an account present in environment variables can be used.

resourceGroupName
string or null
roleArn
string or null
tagKey
string or null
tagValue
string or null

Responses

Request samples

Content type
application/json
Example
{
  "type": "aws",
  "name": "string",
  "throttleDuration": "5 seconds",
  "renewalPeriod": "5 seconds",
  "timeout": "5 seconds",
  "proxy": "string",
  "region": "string",
  "credentials": "myPasswordCredentials",
  "resourceGroupName": "string",
  "roleArn": "string",
  "tagKey": "string",
  "tagValue": "string"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "aws",
  "name": "string",
  "throttleDuration": "5 seconds",
  "renewalPeriod": "5 seconds",
  "timeout": "5 seconds",
  "proxy": "string",
  "region": "string",
  "credentials": "myPasswordCredentials",
  "resourceGroupName": "string",
  "roleArn": "string",
  "tagKey": "string",
  "tagValue": "string"
}

Update an existing third party connector

Update an existing third party connector

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Third party connector to update

One of
type
required
string
Value: "aws"
name
required
string
throttleDuration
required
string <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
renewalPeriod
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
proxy
string or null
region
required
string
credentials
string or null

Name of the password credentials containing Access Key Id and Secret Access Key. If not defined, an account present in environment variables can be used.

resourceGroupName
string or null
roleArn
string or null
tagKey
string or null
tagValue
string or null

Responses

Request samples

Content type
application/json
Example
{
  "type": "aws",
  "name": "string",
  "throttleDuration": "5 seconds",
  "renewalPeriod": "5 seconds",
  "timeout": "5 seconds",
  "proxy": "string",
  "region": "string",
  "credentials": "myPasswordCredentials",
  "resourceGroupName": "string",
  "roleArn": "string",
  "tagKey": "string",
  "tagValue": "string"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "aws",
  "name": "string",
  "throttleDuration": "5 seconds",
  "renewalPeriod": "5 seconds",
  "timeout": "5 seconds",
  "proxy": "string",
  "region": "string",
  "credentials": "myPasswordCredentials",
  "resourceGroupName": "string",
  "roleArn": "string",
  "tagKey": "string",
  "tagValue": "string"
}

Retrieve an existing third party connector

Retrieve an existing third party connector based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "aws",
  "name": "string",
  "throttleDuration": "5 seconds",
  "renewalPeriod": "5 seconds",
  "timeout": "5 seconds",
  "proxy": "string",
  "region": "string",
  "credentials": "myPasswordCredentials",
  "resourceGroupName": "string",
  "roleArn": "string",
  "tagKey": "string",
  "tagValue": "string"
}

Delete an existing third party connector

Delete an existing third party connector based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "THIRDPARTY-CONNECTOR-005",
  "message": "Referenced third party Connector",
  "title": "Referenced third party Connector",
  "detail": "Details about the error"
}

Datasources

Datasources allow data to be retrieved from external sources for various usages.

List the existing datasource(s)

List the existing datasource(s)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Register a new datasource

Register a new datasource

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Datasource to register

One of
type
required
string
Value: "dns"

Type of datasource

name
required
string

Name of the datasource

displayName
Array of objects or null (LocalizedString)

The localized name of the datasource

description
string

Description of the datasource

host
string or null

IP address of the DNS server. If empty, the Horizon server's DNS is used

port
integer or null
Default: 53

Port on which to reach the DNS server

timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
Default: "10 seconds"

Timeout for the DNS request

recordTypes
Array of strings or null
Enum: "a" "aaaa" "cname" "ptr" "txt"

Type of DNS records to fetch. All available record types are fetched if null

lookup
required
string <Template String>

Host to lookup

Responses

Request samples

Content type
application/json
Example
{
  "type": "dns",
  "name": "DNS_Datasource",
  "displayName": [ ],
  "description": "Use this datasource to get DNS values...",
  "host": "36.54.12.2",
  "port": 68,
  "timeout": "5 seconds",
  "recordTypes": [ ],
  "lookup": "{{host}}"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "dns",
  "name": "DNS_Datasource",
  "displayName": [ ],
  "description": "Use this datasource to get DNS values...",
  "host": "36.54.12.2",
  "port": 68,
  "timeout": "5 seconds",
  "recordTypes": [ ],
  "lookup": "{{host}}"
}

Update an existing datasource

Update an existing datasource

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Datasource to update

One of
type
required
string
Value: "dns"

Type of datasource

name
required
string

Name of the datasource

displayName
Array of objects or null (LocalizedString)

The localized name of the datasource

description
string

Description of the datasource

host
string or null

IP address of the DNS server. If empty, the Horizon server's DNS is used

port
integer or null
Default: 53

Port on which to reach the DNS server

timeout
string or null <Finite Duration> ^([0-9]+) *(ms|millisecond|milliseconds|s|sec...
Default: "10 seconds"

Timeout for the DNS request

recordTypes
Array of strings or null
Enum: "a" "aaaa" "cname" "ptr" "txt"

Type of DNS records to fetch. All available record types are fetched if null

lookup
required
string <Template String>

Host to lookup

Responses

Request samples

Content type
application/json
Example
{
  "type": "dns",
  "name": "DNS_Datasource",
  "displayName": [ ],
  "description": "Use this datasource to get DNS values...",
  "host": "36.54.12.2",
  "port": 68,
  "timeout": "5 seconds",
  "recordTypes": [ ],
  "lookup": "{{host}}"
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "dns",
  "name": "DNS_Datasource",
  "displayName": [ ],
  "description": "Use this datasource to get DNS values...",
  "host": "36.54.12.2",
  "port": 68,
  "timeout": "5 seconds",
  "recordTypes": [ ],
  "lookup": "{{host}}"
}

Test a datasource

Test a datasource

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Datasource to test

ds
required
DNS Datasource (object) or LDAP Datasource (object) or REST Datasource (object)

Datasource to test

context
Array of objects or null (Map entry)

Context to interpret dynamic values from

Responses

Request samples

Content type
application/json
{
  "ds": { },
  "context": [ ]
}

Response samples

Content type
application/json
Example
{
  "type": "dns",
  "computedLookupValues": [ ],
  "name": "Datasource_name",
  "status": "success",
  "dictionary": [ ],
  "error": null
}

Get a datasource

Retrieve a datasource

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Name of the datasource to retrieve

Responses

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "dns",
  "name": "DNS_Datasource",
  "displayName": [ ],
  "description": "Use this datasource to get DNS values...",
  "host": "36.54.12.2",
  "port": 68,
  "timeout": "5 seconds",
  "recordTypes": [ ],
  "lookup": "{{host}}"
}

Delete a datasource

Delete a datasource

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Name of the datasource to delete

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "DS-005",
  "message": "Referenced DataSource",
  "title": "Referenced DataSource",
  "detail": "Details about the error"
}

WCCE

WCCE Module API

List the existing WCCE forest mapping(s)

List the existing WCCE forest mapping(s)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Register a new WCCE forest mapping

Register a new WCCE forest mapping

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The WCCE forest mapping to register

forest
required
string
templateMappings
required
Array of objects (WcceTemplateMapping)

Responses

Request samples

Content type
application/json
{
  "forest": "string",
  "templateMappings": [ ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "forest": "string",
  "templateMappings": [ ]
}

Update an existing WCCE forest mapping

Update an existing WCCE forest mapping

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The WCCE forest mapping to update

forest
required
string
templateMappings
required
Array of objects (WcceTemplateMapping)

Responses

Request samples

Content type
application/json
{
  "forest": "string",
  "templateMappings": [ ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "forest": "string",
  "templateMappings": [ ]
}

Retrieve an existing WCCE forest mapping

Retrieve an existing WCCE forest mapping based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "forest": "string",
  "templateMappings": [ ]
}

Delete an existing WCCE forest mapping

Delete an existing WCCE forest mapping based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

HTTP Proxies

HTTP Proxy API

List the existing HTTP proxy(ies)

List the existing HTTP proxy(ies)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Register a new HTTP proxy

Register a new HTTP proxy

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

HTTP proxy to register

name
required
string

Name of the proxy

host
required
string

Hostname of the proxy

port
required
integer <int32>

Port of the proxy

credentials
string or null

Name of the password credentials to use for Proxy Basic Authentication

Responses

Request samples

Content type
application/json
{
  "name": "ExternalProxy",
  "host": "36.52.145.12",
  "port": 8888,
  "credentials": "ProxyCredentials"
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "ExternalProxy",
  "host": "36.52.145.12",
  "port": 8888,
  "credentials": "ProxyCredentials"
}

Update an existing HTTP proxy

Update an existing HTTP proxy

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

HTTP proxy to update

name
required
string

Name of the proxy

host
required
string

Hostname of the proxy

port
required
integer <int32>

Port of the proxy

credentials
string or null

Name of the password credentials to use for Proxy Basic Authentication

Responses

Request samples

Content type
application/json
{
  "name": "ExternalProxy",
  "host": "36.52.145.12",
  "port": 8888,
  "credentials": "ProxyCredentials"
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "ExternalProxy",
  "host": "36.52.145.12",
  "port": 8888,
  "credentials": "ProxyCredentials"
}

Retrieve an existing HTTP proxy

Retrieve an existing HTTP proxy based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Name of the HTTP Proxy to retrieve

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "ExternalProxy",
  "host": "36.52.145.12",
  "port": 8888,
  "credentials": "ProxyCredentials"
}

Delete an existing HTTP proxy

Delete an existing HTTP proxy based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Name of the HTTP Proxy to delete

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "HTTP-PROXY-005",
  "message": "Referenced Proxy",
  "title": "Referenced Proxy",
  "detail": "Details about the error"
}

System configuration

System configuration handles global settings for Horizon.

List the existing system configurations

List the system configurations

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Upsert a system configuration

Upsert a system configuration

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

System configuration entry to upsert

One of
type
required
string
Value: "license"

The type of the configuration entry

triggers
object or null (License Triggers)

Triggers to execute on license events

Responses

Request samples

Content type
application/json
Example
{
  "type": "license",
  "triggers": { }
}

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "license",
  "triggers": { }
}

Get an existing system configuration

Get an existing system configuration

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
type
required
string
Enum: "license" "internal_monitor" "interface_customization"

Type of the configuration entry to get

Responses

Response samples

Content type
application/json
Example
{
  "_id": "6448d56b310000400063f014",
  "type": "license",
  "triggers": { }
}

Events

Event API

Event search

Send an event search query (in HEQL format) and return the event search results

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The event search query

query
string or null
sortedBy
Array of objects or null (SortElement)
pageIndex
integer or null <int32>
pageSize
integer or null <int32>
withCount
boolean or null

Responses

Request samples

Content type
application/json
{
  "query": "string",
  "sortedBy": [ ],
  "pageIndex": 0,
  "pageSize": 0,
  "withCount": true
}

Response samples

Content type
application/json
{
  "results": [ ],
  "pageIndex": 0,
  "pageSize": 0,
  "count": 0,
  "hasMore": true
}

Event verify

Verify events by id:

  • if id is specified: verify only that event
  • if from is specified: verify every event from the specified event to the last registered event
  • if to is specified: verify every event from the beginning to the specified event
  • if from and to are specified: verify every event between the specified events
Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
id
string or null
from
string or null
to
string or null

Responses

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "EVT-004",
  "message": "Invalid Event",
  "title": "Invalid Event",
  "detail": "Details about the error"
}

Retrieve an existing event

Retrieve an existing event based on its id

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "string",
  "code": "ACME-ACCOUNT-KEY-CHANGE",
  "details": [ ],
  "module": "acme",
  "node": "string",
  "timestamp": 0,
  "removeAt": 0,
  "seal": "string",
  "status": "warning"
}

Discovery Events

A discovery event is a specific event type that can only be raised through the discovery workflow.

Discovery event search

Send a discovery event search query (in HDQL format) and return the discovery event search results in CSV format

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The discovery event search query

query
string or null
sortedBy
Array of objects or null (SortElement)
pageIndex
integer or null <int32>
pageSize
integer or null <int32>
withCount
boolean or null

Responses

Request samples

Content type
application/json
{
  "query": "string",
  "sortedBy": [ ],
  "pageIndex": 0,
  "pageSize": 0,
  "withCount": true
}

Response samples

Content type
application/problem+json
{
  "status": 400,
  "error": "HQL-001",
  "message": "Invalid HQL query",
  "title": "Invalid HQL query",
  "detail": "Details about the error"
}

Discovery event search

Send a discovery event search query (in HDQL format) and return the discovery event search results

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

The discovery event search query

query
string or null
sortedBy
Array of objects or null (SortElement)
pageIndex
integer or null <int32>
pageSize
integer or null <int32>
withCount
boolean or null

Responses

Request samples

Content type
application/json
{
  "query": "string",
  "sortedBy": [ ],
  "pageIndex": 0,
  "pageSize": 0,
  "withCount": true
}

Response samples

Content type
application/json
{
  "results": [ ],
  "pageIndex": 0,
  "pageSize": 0,
  "count": 0,
  "hasMore": true
}

Retrieve a specific discovery event

Retrieve a specific discovery event based on its id

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
id
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "code": "NETSCAN",
  "campaign": "Discovery-DMZ01",
  "sessionId": "63fce2e13000003c008797c4",
  "status": "failure",
  "errorCode": "DISC-FEED-002",
  "errorMessage": "Invalid Discovery Feed",
  "timestamp": 1600050000000,
  "removeAt": 0,
  "clientVersion": "Horizon Client/1.6",
  "clientIp": "127.0.0.1",
  "clientId": "28fd6b8ec75ce39029509c3e76ecd3c0bb160776df89a4a12f4a097862268721",
  "actorId": "horizon-client",
  "certificateId": "5f5f9b3b9b0b1d0311c3b0a2",
  "hostname": "horizon.evertrust.fr",
  "ip": "127.0.0.1",
  "port": 443,
  "source": "netscan"
}

Certificate Labels

Certificate Label API

List the existing labels

List the existing labels

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Register a new label

Register a new label

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Label to register

name
required
string

Technical name of the label

displayName
Array of objects or null (LocalizedString)

Display names of the label

description
Array of objects or null (LocalizedString)

Localized descriptions of the label

Responses

Request samples

Content type
application/json
{
  "name": "business_unit",
  "displayName": [ ],
  "description": [ ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "business_unit",
  "displayName": [ ],
  "description": [ ]
}

Update an existing label

Update an existing label

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Label to update

name
required
string

Technical name of the label

displayName
Array of objects or null (LocalizedString)

Display names of the label

description
Array of objects or null (LocalizedString)

Localized descriptions of the label

Responses

Request samples

Content type
application/json
{
  "name": "business_unit",
  "displayName": [ ],
  "description": [ ]
}

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "business_unit",
  "displayName": [ ],
  "description": [ ]
}

Retrieve an existing label

Retrieve an existing label based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "business_unit",
  "displayName": [ ],
  "description": [ ]
}

Delete an existing label

Delete an existing label based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Certificate Grading Policies

Certificate Grading Policy API

Retrieve an existing grading policy

Retrieve an existing grading policy based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": [ ],
  "rulesets": [ ]
}

Explain a Grading Policy

Explain a Grading Policy based on a URL-encoded certificate (PEM or DER) provided in the URL

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
policy
required
string
input
required
string

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "description": [ ],
  "rulesets": [ ],
  "certificate": "string",
  "score": 0.1,
  "grade": "string",
  "explained": [ ]
}

Explain a Grading Policy

Explain a Grading Policy based on a certificate provided in the request body

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
policy
required
string
Request Body schema: multipart/form-data
required

The X509 certificate file PEM or DER encoded

string or string

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "description": [ ],
  "rulesets": [ ],
  "certificate": "string",
  "score": 0.1,
  "grade": "string",
  "explained": [ ]
}

Run a grading policy

Run a grading policy on every profile/discovery campaign that references the grading policy

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
policy
required
string

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

List the existing grading policies

List the existing grading policies

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Certificate Grading Rulesets

Certificate Grading Ruleset API

Retrieve an existing grading ruleset

Retrieve an existing grading ruleset based on its name

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
name
required
string

Responses

Response samples

Content type
application/json
{
  "_id": "6448d56b310000400063f014",
  "name": "string",
  "description": [ ],
  "scope": "string",
  "rules": [ ]
}

Explain a Grading Ruleset

Explain a Grading Ruleset based on a URL-encoded certificate (PEM or DER) provided in the URL

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
ruleset
required
string
input
required
string

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "description": [ ],
  "certificate": "string",
  "scope": "string",
  "apply": true,
  "max": 0,
  "obtained": 0,
  "score": 0.1,
  "explained": [ ]
}

Explain a Grading Ruleset

Explain a Grading Ruleset based on a certificate provided in the request body

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
ruleset
required
string
Request Body schema: multipart/form-data
required

The X509 certificate file PEM or DER encoded

string or string

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "description": [ ],
  "certificate": "string",
  "scope": "string",
  "apply": true,
  "max": 0,
  "obtained": 0,
  "score": 0.1,
  "explained": [ ]
}

List the existing grading rulesets

List the existing grading rulesets

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Configuration cookbook

The configuration cookbook APIs allow the user to export, in a human-readable format, all the configurations applied to the Horizon instance.

Generate the configuration cookbook in adoc format

Generate the configuration cookbook in adoc format based on the principal administration permission(s)

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

License

License API

Retrieve the license entitled modules

Retrieve the license entitled modules

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  "string"
]

Retrieve the license information

Return the complete information regarding the license:

  • License validity
  • License expiration date
  • Entitled Modules along with the holder limit (if any)
Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
{
  "isValid": true,
  "expiration": 0,
  "version": "string",
  "buildTime": 0,
  "modules": [ ],
  "libraries": [ ]
}

Certificate analytics

Certificate analytics API (Get info, force update and flush)

Retrieve the certificate analytics status

Retrieve the certificate analytics status

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Schedule a new certificate analytics synchronization

Schedule a new certificate analytics synchronization

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Flush certificate analytics synchronization

Flush and restart a certificate analytics synchronization. The certificate analytics will be disabled until the synchronization is done

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Event analytics

Event analytics API (Get info, force update and flush)

Retrieve the event analytics status

Retrieve the event analytics status

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Schedule a new event analytics synchronization

Schedule a new event analytics synchronization

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Flush event analytics synchronization

Flush and restart an event analytics synchronization. The event analytics will be disabled until the synchronization is done

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Discovery event analytics

Discovery event analytics API (Get info, force update and flush)

Retrieve the discovery event analytics status

Retrieve the discovery event analytics status

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/json
[
  { }
]

Schedule a new discovery event analytics synchronization

Schedule a new discovery event analytics synchronization

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Flush discovery event analytics synchronization

Flush and restart a discovery event analytics synchronization. The discovery event analytics will be disabled until the synchronization is done

Authorizations:
(apiIdapiKey) cookieAuth

Responses

Response samples

Content type
application/problem+json
Example
{
  "status": 401,
  "error": "SEC-AUTH-001",
  "message": "Unexpected Error",
  "title": "Unexpected Error",
  "detail": "Details about the error"
}

Computation rules

Computation rules' testing API

Evaluate a computation rule and its dictionary

Evaluate a computation rule and its dictionary

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Playground request to evaluate

dictionary
object or null
computationRule
string or null (Computation Rule)

A computation rule that will dynamically generate a string value from the request's context

csr
string or null

Responses

Request samples

Content type
application/json
{
  "dictionary": { },
  "computationRule": "{{csr.subject.cn.1}}",
  "csr": "string"
}

Response samples

Content type
application/json
{
  "dictionary": { },
  "computedValueSingle": "string",
  "computedValueMulti": [ ]
}

Decoding API (RFC5280)

API to decode RFC5280 objects (certificates, CRLs, CSRs, ...)

Detect and parse a RFC 5280 related file

Detect and parse a RFC 5280 related file (certificate bundle, certificate, crl, csr)

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: multipart/form-data
required

The file to parse

string or string

Responses

Response samples

Content type
application/json
Example
{
  "type": "bundle",
  "value": [ ]
}

Decode a pkcs#10 (url encoded)

Decode a pkcs#10 (url encoded)

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
pem
required
string

Responses

Response samples

Content type
application/json
{
  "dn": "CN=example.com,OU=IT,O=MyCompany,C=FR",
  "sans": [ ],
  "dnElements": [ ],
  "keyType": "rsa-2048",
  "pem": "string"
}

Decode a pkcs#10 (file)

Decode a pkcs#10 (file)

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: multipart/form-data
required

The pkcs#10 file PEM or DER encoded

string or string

Responses

Response samples

Content type
application/json
{
  "dn": "CN=example.com,OU=IT,O=MyCompany,C=FR",
  "sans": [ ],
  "dnElements": [ ],
  "keyType": "rsa-2048",
  "pem": "string"
}

Extract the certificate and associated private key from a pkcs#12 (file)

Extract the certificate and associated private key from a pkcs#12 (file)

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: multipart/form-data
required

The pkcs#12 file PEM or DER encoded

string or string

Responses

Response samples

Content type
application/json
{
  "certificate": { },
  "privateKey": "string"
}

Retrieve the Trust chain from a x509 certificate (url encoded)

Retrieve the Trust chain from a x509 certificate (url encoded)

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
pem
required
string
query Parameters
order
string
Enum: "rtl" "ltr" "irtl" "iltr"

Responses

Response samples

Content type
[
  { }
]

Retrieve the Trust chain from a x509 certificate (file)

Retrieve the Trust chain from a x509 certificate (file)

Authorizations:
(apiIdapiKey) cookieAuth
query Parameters
order
string
Enum: "rtl" "ltr" "irtl" "iltr"
Request Body schema: multipart/form-data
required

The x509 certificate file PEM or DER encoded

string or string

Responses

Response samples

Content type
[
  { }
]

Decode a x509 certificate (url encoded)

Authorizations:
(apiIdapiKey) cookieAuth
path Parameters
pem
required
string

Responses

Response samples

Content type
{
  "dn": "CN=Test Certificate,OU=Test,O=Test,L=Test,ST=Test,C=US",
  "dnElements": [ ],
  "issuerDn": "CN=Test CA,OU=Test,O=Test,L=Test,ST=Test,C=US",
  "serial": "1",
  "notBefore": 1609459200000,
  "notAfter": 1609459200000,
  "keyType": "rsa-2048",
  "signingAlgorithm": "SHA256WITHRSA",
  "pem": "-----BEGIN CERTIFICATE-----\nMI....\n-----END CERTIFICATE-----",
  "subjectKeyIdentifier": "string",
  "certificateThumbprint": "30f727ea932acc3e7ec4716a7c1d1d571a0b9124afbe1d1d81a205562164c69c",
  "certificateSHAOneThumbprint": "string",
  "publicKeyThumbprint": "4d0faebaeaa595aba5fafe6040fa8a2143b019b59a2b25ced3b2fb7393ee10e2",
  "keyUsages": [ ],
  "isKeyUsagesCritical": true,
  "extendedKeyUsages": [ ],
  "isExtendedKeyUsagesCritical": true,
  "selfSigned": false,
  "sans": [ ],
  "basicConstraints": { },
  "extensions": [ ],
  "crldps": [ ],
  "aias": { },
  "policies": [ ],
  "authorityKeyIdentifier": "string",
  "unsupportedExtensions": [ ]
}

Decode a x509 certificate (file)

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: multipart/form-data
required

The x509 certificate file PEM or DER encoded

string or string

Responses

Response samples

Content type
{
  "dn": "CN=Test Certificate,OU=Test,O=Test,L=Test,ST=Test,C=US",
  "dnElements": [ ],
  "issuerDn": "CN=Test CA,OU=Test,O=Test,L=Test,ST=Test,C=US",
  "serial": "1",
  "notBefore": 1609459200000,
  "notAfter": 1609459200000,
  "keyType": "rsa-2048",
  "signingAlgorithm": "SHA256WITHRSA",
  "pem": "-----BEGIN CERTIFICATE-----\nMI....\n-----END CERTIFICATE-----",
  "subjectKeyIdentifier": "string",
  "certificateThumbprint": "30f727ea932acc3e7ec4716a7c1d1d571a0b9124afbe1d1d81a205562164c69c",
  "certificateSHAOneThumbprint": "string",
  "publicKeyThumbprint": "4d0faebaeaa595aba5fafe6040fa8a2143b019b59a2b25ced3b2fb7393ee10e2",
  "keyUsages": [ ],
  "isKeyUsagesCritical": true,
  "extendedKeyUsages": [ ],
  "isExtendedKeyUsagesCritical": true,
  "selfSigned": false,
  "sans": [ ],
  "basicConstraints": { },
  "extensions": [ ],
  "crldps": [ ],
  "aias": { },
  "policies": [ ],
  "authorityKeyIdentifier": "string",
  "unsupportedExtensions": [ ]
}

Datasource Flows

Datasource Flows allow you to schedule datasource execution.

Test a datasource flow

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Datasource flow to test

Array of objects (Datasource Flow)

Representation of a datasource execution flow

Array of objects or null (Map entry)

Input values for the flow

Responses

Request samples

Content type
application/json
{
  "dsFlow": [ ],
  "context": [ ]
}

Response samples

Content type
application/json
[
  { }
]

Retrieve the template for a datasource flow

Authorizations:
(apiIdapiKey) cookieAuth
Request Body schema: application/json
required

Datasource flow to get template for

Array of objects (Datasource Flow)

Representation of a datasource execution flow

Responses

Request samples

Content type
application/json
{
  "dsFlow": [ ]
}

Response samples

Content type
application/json
[
  { }
]