Search
K
Cipherscale API

Remove Admission Rule

Permanently removes an admission rule from the tenant. This operation will affect any policies that reference this rule.

delete
https://public-api.cipherscale.com/qa/tenants/admission-rules/{id}

Path Parameters

idstring(uuid)required

The unique identifier (UUID) of the admission rule to delete

Response

Successfully deleted the admission rule

delete/tenants/admission-rules/{id}
 

Policies

Network access policies and permissions

Create Access Policy

Creates a new access policy that defines which users, devices, and groups can access specific network resources. Policies are the core of the Zero Trust access control system and determine network access permissions.

post
https://public-api.cipherscale.com/qa/tenants/policies

Body

application/json

CreatePolicy

Data required to create a new access policy

groupsarray[string]

Array of group IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440000"]

usersarray[string]

Array of user IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440001"]

devicesarray[string]

Array of device IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440002"]

resourcesarray[string]

Array of resource IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440003"]

gatewaysarray[string]

Array of gateway IDs to apply this policy to

Example:["550e8400-e29b-41d4-a716-446655440004"]

rulestring

Admission rule ID for this policy

Example:550e8400-e29b-41d4-a716-446655440005

namestringrequired

Human-readable name for the policy

Example:Engineering Team Access

descriptionstring

Detailed description of the policy’s purpose and scope

Example:Allows engineering team to access development resources

allGroupsbooleanrequired

Whether this policy applies to all groups

Default:false

Example:false

allUsersbooleanrequired

Whether this policy applies to all users

Default:false

Example:false

allDevicesbooleanrequired

Whether this policy applies to all devices

Default:false

Example:false

allResourcesbooleanrequired

Whether this policy applies to all resources

Default:false

Example:false

sourceIpsarray[string]

Array of source IP addresses or ranges

Example:["192.168.1.0/24","10.0.0.0/8"]

typestringrequired

Type of resources this policy applies to

Allowed values:PRIVATESAASINTERNETSITETOSITE

Example:PRIVATE

modestring

Access mode for this policy

Allowed values:LOCALRESTRICTEDREMOTE

Example:LOCAL

actionbooleanrequired

Whether this policy allows (true) or denies (false) access

Example:true

Response

201 application/json

Successfully created access policy

Policy

Access policy defining who can access what resources under what conditions

idstring(uuid)required

Unique identifier for the policy

createdAtstring(date-time)required

Timestamp when the policy was created

updatedAtstring(date-time)required

Timestamp when the policy was last modified

namestringrequired

Human-readable name for the policy

actionbooleanrequired

Whether this policy allows (true) or denies (false) access

ordernumberrequired

Priority order for policy evaluation (lower numbers are evaluated first)

isDefaultbooleanrequired

Whether this is a default policy that applies to all entities

typestringrequired

Type of resources this policy applies to

Allowed values:PRIVATESAASINTERNETSITETOSITE

modestring

Access mode for this policy

Allowed values:LOCALRESTRICTEDREMOTE

allGroupsbooleanrequired

Whether this policy applies to all groups

Default:false

allUsersbooleanrequired

Whether this policy applies to all users

Default:false

allDevicesbooleanrequired

Whether this policy applies to all devices

Default:false

allResourcesbooleanrequired

Whether this policy applies to all resources

Default:false

groupsarray[object]

Group information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Engineering Team","description":"Team responsible for software development and engineering","maxDevices":10,"isSamlDefaultGroup":false,"idpMapping":["engineering-team","dev-team"]}

Show Child Parameters
usersarray[object]

User information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","lastConnection":"2023-01-15T14:30:00Z","email":"jane.smith@company.com","status":"ACTIVE","firstName":"Jane","lastName":"Smith","isOwner":false,"maxDevices":5,"image":"https://example.com/avatars/jane-smith.jpg"}

Show Child Parameters
devicesarray[object]

Device information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"John's MacBook Pro","active":true,"lastConnection":"2023-01-15T14:30:00Z","status":"Online","hardwareId":"MAC-001122334455","posture":{"compliant":true,"lastCheck":"2023-01-15T14:30:00Z"},"appVersion":"1.2.3"}

Show Child Parameters
resourcesarray[object]

Resource information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Internal Web Server","type":"PRIVATE","loadBalancingMode":"MANUAL","description":"Internal web server for company applications"}

Show Child Parameters
gatewaysarray[object]

Network gateway configuration and status information

Show Child Parameters
sourceIpsarray[string]

Source IP addresses or ranges this policy applies to

ruleobjectrequired

Complete admission rule information with configuration and metadata

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","name":"Engineering Department Access","type":"ALLOW","rule":"user.department == 'Engineering'","hasTimeConstraint":false,"createdAt":"2023-01-15T10:30:00Z","updatedAt":"2023-01-15T10:30:00Z"}

Show Child Parameters
descriptionstring

Detailed description of the policy’s purpose and scope

post/tenants/policies

Body

{ "name": "Engineering Team Access", "description": "Allows engineering team to access development resources", "type": "PRIVATE", "mode": "LOCAL", "action": true, "allGroups": false, "allUsers": false, "allDevices": false, "allResources": false, "groups": [ "550e8400-e29b-41d4-a716-446655440000" ], "rule": "550e8400-e29b-41d4-a716-446655440005" }
 
201 application/json

List All Access Policies

Retrieves a paginated list of all access policies for the tenant with advanced filtering capabilities. Policies are ordered by priority and determine network access permissions for users and devices.

get
https://public-api.cipherscale.com/qa/tenants/policies

Query Parameters

sortstring

Sort order in JSON format {“field”: “direction”}. Sortable fields: id, order. Direction: asc, desc

Example:-order,id

limitnumber
offsetnumber
filter[resources.id]string

Filter policies by resource ID (UUID format)

Example:123e4567-e89b-12d3-a456-426614174000

filter[allResources]boolean

Filter policies by all resources flag

Example:true

filter[devices.id]string

Filter policies by device ID (UUID format)

Example:123e4567-e89b-12d3-a456-426614174000

filter[groups.id]string

Filter policies by group ID (UUID format)

Example:123e4567-e89b-12d3-a456-426614174000

filter[users.id]string

Filter policies by user ID (UUID format)

Example:123e4567-e89b-12d3-a456-426614174000

filter[allUsers]boolean

Filter policies by all users flag

Example:true

filter[allGroups]boolean

Filter policies by all groups flag

Example:false

filter[allDevices]boolean

Filter policies by all devices flag

Example:true

filter[rule.id]string

Filter policies by rule ID (UUID format)

Example:123e4567-e89b-12d3-a456-426614174000

filter[id]string

Filter policies by ID (UUID format)

Example:123e4567-e89b-12d3-a456-426614174000

filter[name]string

Filter policies by name

Example:My Policy

filter[type]string

Filter policies by type

Allowed values:PRIVATESAASINTERNETSITETOSITE

page[offset]number

Number of policies to skip (minimum: 0). Use with “page[limit]”. For page N (0-based), compute as N × page[limit].

Example:0

page[limit]number

Number of policies to return per page (minimum: 1). Use with “page[offset]” for pagination.

Example:10

Response

200
get/tenants/policies
 
200

Reorder Access Policies

Changes the priority order of access policies. Policy order is crucial as policies are evaluated in sequence, and the first matching policy determines access permissions.

patch
https://public-api.cipherscale.com/qa/tenants/policies

Body

application/json

Array of policies with their new order positions

idstring(uuid)required

The unique identifier of the policy

ordernumberrequired

The new order position for the policy (must be greater than 0)

>= 1

Response

200
patch/tenants/policies

Body

[ { "id": "123e4567-e89b-12d3-a456-426614174000", "order": 1 }, { "id": "987fcdeb-51a2-43d7-8f9e-123456789abc", "order": 2 } ]
 
200