Search
K
Cipherscale API

Update Admission Rule

Modifies the configuration of an existing admission rule including its name, rule logic, and time constraints. Changes affect access control immediately.

put
https://public-api.cipherscale.com/qa/tenants/admission-rules/{id}

Path Parameters

idstring(uuid)required

The unique identifier (UUID) of the admission rule to update

Body

application/json

The admission rule data to update

UpdateAdmissionRule

Data for updating an admission rule

rulestringrequired

Rule logic or condition for the admission rule

Example:user.department == 'Engineering'

namestringrequired

Human-readable name for the admission rule

Example:Engineering Department Access

hasTimeConstraintbooleanrequired

Whether this rule includes time-based constraints

Example:false

Response

application/json

Successfully updated the admission rule

AdmissionRule

Complete admission rule information with configuration and metadata

idstring(uuid)required

Unique identifier for the admission rule

Example:550e8400-e29b-41d4-a716-446655440000

createdAtstring(date-time)required

Timestamp when the rule was created

Example:2023-01-15T10:30:00Z

updatedAtstring(date-time)required

Timestamp when the rule was last modified

Example:2023-01-15T10:30:00Z

namestringrequired

Human-readable name for the admission rule

Example:Engineering Department Access

typestringrequired

Type of admission rule (ALLOW, DENY, or CUSTOM)

Allowed values:ALLOWDENYCUSTOM

Example:ALLOW

hasTimeConstraintbooleanrequired

Whether this rule includes time-based constraints

Example:false

rulestring

Rule logic or condition for the admission rule

Example:user.department == 'Engineering'

put/tenants/admission-rules/{id}

Body

{ "name": "Engineering Department Access", "rule": "user.department == 'Engineering'", "hasTimeConstraint": false }
 
application/json

Get Admission Rule Details

Retrieves detailed information about a specific admission rule including its configuration, rule logic, time constraints, and type (ALLOW/DENY/CUSTOM).

get
https://public-api.cipherscale.com/qa/tenants/admission-rules/{id}

Path Parameters

idstring(uuid)required

The unique identifier (UUID) of the admission rule

Response

application/json

Successfully retrieved the admission rule

AdmissionRule

Complete admission rule information with configuration and metadata

idstring(uuid)required

Unique identifier for the admission rule

Example:550e8400-e29b-41d4-a716-446655440000

createdAtstring(date-time)required

Timestamp when the rule was created

Example:2023-01-15T10:30:00Z

updatedAtstring(date-time)required

Timestamp when the rule was last modified

Example:2023-01-15T10:30:00Z

namestringrequired

Human-readable name for the admission rule

Example:Engineering Department Access

typestringrequired

Type of admission rule (ALLOW, DENY, or CUSTOM)

Allowed values:ALLOWDENYCUSTOM

Example:ALLOW

hasTimeConstraintbooleanrequired

Whether this rule includes time-based constraints

Example:false

rulestring

Rule logic or condition for the admission rule

Example:user.department == 'Engineering'

get/tenants/admission-rules/{id}
 
application/json

Remove Admission Rule

Permanently removes an admission rule from the tenant. This operation will affect any policies that reference this rule.

delete
https://public-api.cipherscale.com/qa/tenants/admission-rules/{id}

Path Parameters

idstring(uuid)required

The unique identifier (UUID) of the admission rule to delete

Response

Successfully deleted the admission rule

delete/tenants/admission-rules/{id}
 

Policies

Network access policies and permissions

Create Access Policy

Creates a new access policy that defines which users, devices, and groups can access specific network resources. Policies are the core of the Zero Trust access control system and determine network access permissions.

post
https://public-api.cipherscale.com/qa/tenants/policies

Body

application/json

CreatePolicy

Data required to create a new access policy

groupsarray[string]

Array of group IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440000"]

usersarray[string]

Array of user IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440001"]

devicesarray[string]

Array of device IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440002"]

resourcesarray[string]

Array of resource IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440003"]

gatewaysarray[string]

Array of gateway IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440004"]

rulestring

Admission rule ID for this policy

Example:550e8400-e29b-41d4-a716-446655440005

namestringrequired

Human-readable name for the policy

Example:Engineering Team Access

descriptionstring

Detailed description of the policy’s purpose and scope

Example:Allows engineering team to access development resources

allGroupsbooleanrequired

Whether this policy applies to all groups

Default:false

Example:false

allUsersbooleanrequired

Whether this policy applies to all users

Default:false

Example:false

allDevicesbooleanrequired

Whether this policy applies to all devices

Default:false

Example:false

allResourcesbooleanrequired

Whether this policy applies to all resources

Default:false

Example:false

sourceIpsarray[string]

Array of source IP addresses or ranges

Example:["192.168.1.0/24","10.0.0.0/8"]

typestringrequired

Type of resources this policy applies to

Allowed values:PRIVATESAASINTERNETSITETOSITE

Example:PRIVATE

modestring

Access mode for this policy

Allowed values:LOCALRESTRICTEDREMOTE

Example:LOCAL

actionbooleanrequired

Whether this policy allows (true) or denies (false) access

Example:true

Response

201 application/json

Successfully created access policy

Policy

Access policy defining who can access what resources under what conditions

idstring(uuid)required

Unique identifier for the policy

createdAtstring(date-time)required

Timestamp when the policy was created

updatedAtstring(date-time)required

Timestamp when the policy was last modified

namestringrequired

Human-readable name for the policy

actionbooleanrequired

Whether this policy allows (true) or denies (false) access

ordernumberrequired

Priority order for policy evaluation (lower numbers are evaluated first)

isDefaultbooleanrequired

Whether this is a default policy that applies to all entities

typestringrequired

Type of resources this policy applies to

Allowed values:PRIVATESAASINTERNETSITETOSITE

modestring

Access mode for this policy

Allowed values:LOCALRESTRICTEDREMOTE

allGroupsbooleanrequired

Whether this policy applies to all groups

Default:false

allUsersbooleanrequired

Whether this policy applies to all users

Default:false

allDevicesbooleanrequired

Whether this policy applies to all devices

Default:false

allResourcesbooleanrequired

Whether this policy applies to all resources

Default:false

groupsarray[object]

Group information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Engineering Team","description":"Team responsible for software development and engineering","maxDevices":10,"isSamlDefaultGroup":false,"idpMapping":["engineering-team","dev-team"]}

Show Child Parameters
usersarray[object]

User information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","lastConnection":"2023-01-15T14:30:00Z","email":"jane.smith@company.com","status":"ACTIVE","firstName":"Jane","lastName":"Smith","isOwner":false,"maxDevices":5,"image":"https://example.com/avatars/jane-smith.jpg"}

Show Child Parameters
devicesarray[object]

Device information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"John's MacBook Pro","active":true,"lastConnection":"2023-01-15T14:30:00Z","status":"Online","hardwareId":"MAC-001122334455","posture":{"compliant":true,"lastCheck":"2023-01-15T14:30:00Z"},"appVersion":"1.2.3"}

Show Child Parameters
resourcesarray[object]

Resource information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Internal Web Server","type":"PRIVATE","loadBalancingMode":"MANUAL","description":"Internal web server for company applications"}

Show Child Parameters
gatewaysarray[object]

Network gateway configuration and status information

Show Child Parameters
sourceIpsarray[string]

Source IP addresses or ranges this policy applies to

ruleobjectrequired

Complete admission rule information with configuration and metadata

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","name":"Engineering Department Access","type":"ALLOW","rule":"user.department == 'Engineering'","hasTimeConstraint":false,"createdAt":"2023-01-15T10:30:00Z","updatedAt":"2023-01-15T10:30:00Z"}

Show Child Parameters
descriptionstring

Detailed description of the policy’s purpose and scope

post/tenants/policies

Body

{ "name": "Engineering Team Access", "description": "Allows engineering team to access development resources", "type": "PRIVATE", "mode": "LOCAL", "action": true, "allGroups": false, "allUsers": false, "allDevices": false, "allResources": false, "groups": [ "550e8400-e29b-41d4-a716-446655440000" ], "rule": "550e8400-e29b-41d4-a716-446655440005" }
 
201 application/json