Cipherscale API

Policies

Network access policies and permissions

Create Access Policy

Creates a new access policy that defines which users, devices, and groups can access specific network resources. Policies are the core of the Zero Trust access control system and determine network access permissions.

post
https://public-api.cipherscale.com/qa/tenants/policies

Body

application/json

CreatePolicy

Data required to create a new access policy

groups array[string]

Array of group IDs to apply this policy to

Example: ["550e8400-e29b-41d4-a716-446655440000"]

users array[string]

Array of user IDs to apply this policy to

Example: ["550e8400-e29b-41d4-a716-446655440001"]

devices array[string]

Array of device IDs to apply this policy to

Example: ["550e8400-e29b-41d4-a716-446655440002"]

resources array[string]

Array of resource IDs to apply this policy to

Example: ["550e8400-e29b-41d4-a716-446655440003"]

gateways array[string]

Array of gateway IDs to apply this policy to

Example: ["550e8400-e29b-41d4-a716-446655440004"]

rule string

Admission rule ID for this policy

Example: 550e8400-e29b-41d4-a716-446655440005

name string required

Human-readable name for the policy

Example: Engineering Team Access

description string

Detailed description of the policy’s purpose and scope

Example: Allows engineering team to access development resources

allGroups boolean required

Whether this policy applies to all groups

Default: false

Example: false

allUsers boolean required

Whether this policy applies to all users

Default: false

Example: false

allDevices boolean required

Whether this policy applies to all devices

Default: false

Example: false

allResources boolean required

Whether this policy applies to all resources

Default: false

Example: false

sourceIps array[string]

Array of source IP addresses or ranges

Example: ["192.168.1.0/24","10.0.0.0/8"]

type string required

Type of resources this policy applies to

Allowed values: PRIVATE, SAAS, INTERNET, SITETOSITE

Example: PRIVATE

mode string

Access mode for this policy

Allowed values: LOCAL, RESTRICTED, REMOTE

Example: LOCAL

action boolean required

Whether this policy allows (true) or denies (false) access

Example: true

Response

201 application/json

Successfully created access policy

Policy

Access policy defining who can access what resources under what conditions

id string(uuid) required

Unique identifier for the policy

createdAt string(date-time) required

Timestamp when the policy was created

updatedAt string(date-time) required

Timestamp when the policy was last modified

name string required

Human-readable name for the policy

action boolean required

Whether this policy allows (true) or denies (false) access

order number required

Priority order for policy evaluation (lower numbers are evaluated first)

isDefault boolean required

Whether this is a default policy that applies to all entities

type string required

Type of resources this policy applies to

Allowed values: PRIVATE, SAAS, INTERNET, SITETOSITE

mode string

Access mode for this policy

Allowed values: LOCAL, RESTRICTED, REMOTE

allGroups boolean required

Whether this policy applies to all groups

Default: false

allUsers boolean required

Whether this policy applies to all users

Default: false

allDevices boolean required

Whether this policy applies to all devices

Default: false

allResources boolean required

Whether this policy applies to all resources

Default: false

groups array[object]

Group information within a policy context

Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Engineering Team","description":"Team responsible for software development and engineering","maxDevices":10,"isSamlDefaultGroup":false,"idpMapping":["engineering-team","dev-team"]}

users array[object]

User information within a policy context

Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","lastConnection":"2023-01-15T14:30:00Z","email":"jane.smith@company.com","status":"ACTIVE","firstName":"Jane","lastName":"Smith","isOwner":false,"maxDevices":5,"image":"https://example.com/avatars/jane-smith.jpg"}

devices array[object]

Device information within a policy context

Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"John's MacBook Pro","active":true,"lastConnection":"2023-01-15T14:30:00Z","status":"Online","hardwareId":"MAC-001122334455","posture":{"compliant":true,"lastCheck":"2023-01-15T14:30:00Z"},"appVersion":"1.2.3"}

resources array[object]

Resource information within a policy context

Example: {"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Internal Web Server","type":"PRIVATE","loadBalancingMode":"MANUAL","description":"Internal web server for company applications"}

gateways array[object]

Network gateway configuration and status information

sourceIps array[string]

Source IP addresses or ranges this policy applies to

rule object required

Complete admission rule information with configuration and metadata

Example: {"id":"550e8400-e29b-41d4-a716-446655440000","name":"Engineering Department Access","type":"ALLOW","rule":"user.department == 'Engineering'","hasTimeConstraint":false,"createdAt":"2023-01-15T10:30:00Z","updatedAt":"2023-01-15T10:30:00Z"}

description string

Detailed description of the policy’s purpose and scope

post /tenants/policies

Body

{
  "name": "Engineering Team Access",
  "description": "Allows engineering team to access development resources",
  "type": "PRIVATE",
  "mode": "LOCAL",
  "action": true,
  "allGroups": false,
  "allUsers": false,
  "allDevices": false,
  "allResources": false,
  "groups": [
    "550e8400-e29b-41d4-a716-446655440000"
  ],
  "rule": "550e8400-e29b-41d4-a716-446655440005"
}
 
curl --request POST \
  --url https://public-api.cipherscale.com/qa/tenants/policies \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "Engineering Team Access",
  "description": "Allows engineering team to access development resources",
  "type": "PRIVATE",
  "mode": "LOCAL",
  "action": true,
  "allGroups": false,
  "allUsers": false,
  "allDevices": false,
  "allResources": false,
  "groups": [
    "550e8400-e29b-41d4-a716-446655440000"
  ],
  "rule": "550e8400-e29b-41d4-a716-446655440005"
}'
201 application/json
{
  "id": "id",
  "createdAt": "createdAt",
  "updatedAt": "updatedAt",
  "name": "name",
  "action": false,
  "order": 0,
  "isDefault": false,
  "type": "PRIVATE",
  "mode": "LOCAL",
  "allGroups": false,
  "allUsers": false,
  "allDevices": false,
  "allResources": false,
  "groups": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "name": "Engineering Team",
      "description": "Team responsible for software development and engineering",
      "maxDevices": 10,
      "isSamlDefaultGroup": false,
      "idpMapping": [
        "engineering-team",
        "dev-team"
      ]
    }
  ],
  "users": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "lastConnection": "2023-01-15T14:30:00Z",
      "email": "jane.smith@company.com",
      "status": "ACTIVE",
      "firstName": "Jane",
      "lastName": "Smith",
      "isOwner": false,
      "maxDevices": 5,
      "image": "https://example.com/avatars/jane-smith.jpg"
    }
  ],
  "devices": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "name": "John's MacBook Pro",
      "active": true,
      "lastConnection": "2023-01-15T14:30:00Z",
      "status": "Online",
      "hardwareId": "MAC-001122334455",
      "posture": {
        "compliant": true,
        "lastCheck": "2023-01-15T14:30:00Z"
      },
      "appVersion": "1.2.3"
    }
  ],
  "resources": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "name": "Internal Web Server",
      "type": "PRIVATE",
      "loadBalancingMode": "MANUAL",
      "description": "Internal web server for company applications"
    }
  ],
  "gateways": [
    {
      "id": "id",
      "createdAt": "createdAt",
      "updatedAt": "updatedAt",
      "name": "name",
      "description": "description",
      "wireguardPort": "wireguardPort",
      "status": "PENDING",
      "error": "error",
      "token": "token",
      "lastOnline": "lastOnline",
      "relayEnabled": false,
      "endpoint": "endpoint",
      "autoDiscoverEndpoint": false,
      "resources": [
        {
          "id": "550e8400-e29b-41d4-a716-446655440000",
          "name": "Internal Web Server"
        }
      ]
    }
  ],
  "sourceIps": [
    "[]"
  ],
  "rule": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Engineering Department Access",
    "type": "ALLOW",
    "rule": "user.department == 'Engineering'",
    "hasTimeConstraint": false,
    "createdAt": "2023-01-15T10:30:00Z",
    "updatedAt": "2023-01-15T10:30:00Z"
  },
  "description": "description"
}
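
A pre-submission check for a CreatePolicy body, added here as an example (it is not Cipherscale code). It enforces the required fields and allowed values from the schema above, validates `sourceIps`, and flags over-broad allow policies; the function name and the warning heuristics are assumptions of this example.

```python
import ipaddress

# Required fields and allowed values as listed in the CreatePolicy schema above.
REQUIRED = {"name": str, "type": str, "action": bool, "allGroups": bool,
            "allUsers": bool, "allDevices": bool, "allResources": bool}
ENUMS = {"type": {"PRIVATE", "SAAS", "INTERNET", "SITETOSITE"},
         "mode": {"LOCAL", "RESTRICTED", "REMOTE"}}


def review_create_policy(body):
    """Return (errors, warnings) for a CreatePolicy request body given as a dict."""
    errors, warnings = [], []
    for field, kind in REQUIRED.items():
        if field not in body:
            errors.append(f"missing required field: {field}")
        elif not isinstance(body[field], kind):
            errors.append(f"{field} must be of type {kind.__name__}")
    for field, allowed in ENUMS.items():
        value = body.get(field)
        if isinstance(value, str) and value not in allowed:
            errors.append(f"{field} has unknown value: {value!r}")
    networks = []
    for entry in body.get("sourceIps", []):
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            errors.append(f"sourceIps entry is not an IP or CIDR: {entry!r}")
    # Review heuristics below are assumptions of this example, not API rules.
    if body.get("action") is True:
        if body.get("allResources") and (body.get("allUsers") or body.get("allGroups")):
            warnings.append("allow policy grants every user or group every resource")
        if any(net.prefixlen == 0 for net in networks):
            warnings.append("allow policy accepts any source IP")
        if not body.get("rule"):
            warnings.append("allow policy has no admission rule attached")
    return errors, warnings


# The request body from the page's own example.
PAGE_EXAMPLE = {
    "name": "Engineering Team Access", "type": "PRIVATE", "mode": "LOCAL",
    "description": "Allows engineering team to access development resources",
    "action": True, "allGroups": False, "allUsers": False, "allDevices": False,
    "allResources": False, "groups": ["550e8400-e29b-41d4-a716-446655440000"],
    "rule": "550e8400-e29b-41d4-a716-446655440005"}
# Constructed body with deliberate problems: no name, bad type, bad IP, allow-all scope.
RISKY = {"type": "PUBLIC", "action": True, "allGroups": False, "allUsers": True,
         "allDevices": True, "allResources": True,
         "sourceIps": ["0.0.0.0/0", "10.0.0.300"]}
```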

List All Access Policies

Retrieves a paginated list of all access policies for the tenant with advanced filtering capabilities. Policies are ordered by priority and determine network access permissions for users and devices.

get
https://public-api.cipherscale.com/qa/tenants/policies

Query Parameters

sort string

Sort order in JSON format {“field”: “direction”}. Sortable fields: id, order. Direction: asc, desc

Example: -order,id

limit number
offset number
filter[resources.id] string

Filter policies by resource ID (UUID format)

Example: 123e4567-e89b-12d3-a456-426614174000

filter[allResources] boolean

Filter policies by all resources flag

Example: true

filter[devices.id] string

Filter policies by device ID (UUID format)

Example: 123e4567-e89b-12d3-a456-426614174000

filter[groups.id] string

Filter policies by group ID (UUID format)

Example: 123e4567-e89b-12d3-a456-426614174000

filter[users.id] string

Filter policies by user ID (UUID format)

Example: 123e4567-e89b-12d3-a456-426614174000

filter[allUsers] boolean

Filter policies by all users flag

Example: true

filter[allGroups] boolean

Filter policies by all groups flag

Example: false

filter[allDevices] boolean

Filter policies by all devices flag

Example: true

filter[rule.id] string

Filter policies by rule ID (UUID format)

Example: 123e4567-e89b-12d3-a456-426614174000

filter[id] string

Filter policies by ID (UUID format)

Example: 123e4567-e89b-12d3-a456-426614174000

filter[name] string

Filter policies by name

Example: My Policy

filter[type] string

Filter policies by type

Allowed values: PRIVATE, SAAS, INTERNET, SITETOSITE

page[offset] number

Number of policies to skip (minimum: 0). Use with “page[limit]”. For page N (0-based), compute as N × page[limit].

Example: 0

page[limit] number

Number of policies to return per page (minimum: 1). Use with “page[offset]” for pagination.

Example: 10

Response

200
get /tenants/policies
 
curl --request GET \
  --url 'https://public-api.cipherscale.com/qa/tenants/policies?sort=-order%2Cid&filter%5Bresources.id%5D=123e4567-e89b-12d3-a456-426614174000&filter%5BallResources%5D=true&filter%5Bdevices.id%5D=123e4567-e89b-12d3-a456-426614174000&filter%5Bgroups.id%5D=123e4567-e89b-12d3-a456-426614174000&filter%5Busers.id%5D=123e4567-e89b-12d3-a456-426614174000&filter%5BallUsers%5D=true&filter%5BallGroups%5D=false&filter%5BallDevices%5D=true&filter%5Brule.id%5D=123e4567-e89b-12d3-a456-426614174000&filter%5Bid%5D=123e4567-e89b-12d3-a456-426614174000&filter%5Bname%5D=My%20Policy&page%5Boffset%5D=0&page%5Blimit%5D=10' \
  --header 'Content-Type: application/json'
200

Reorder Access Policies

Changes the priority order of access policies. Policy order is crucial as policies are evaluated in sequence, and the first matching policy determines access permissions.

patch
https://public-api.cipherscale.com/qa/tenants/policies

Body

application/json

Array of policies with their new order positions

id string(uuid) required

The unique identifier of the policy

order number required

The new order position for the policy (must be greater than 0)

>= 1

Response

200
patch /tenants/policies

Body

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "order": 1
  },
  {
    "id": "987fcdeb-51a2-43d7-8f9e-123456789abc",
    "order": 2
  }
]
 
curl --request PATCH \
  --url https://public-api.cipherscale.com/qa/tenants/policies \
  --header 'Content-Type: application/json' \
  --data '[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "order": 1
  },
  {
    "id": "987fcdeb-51a2-43d7-8f9e-123456789abc",
    "order": 2
  }
]'
200
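
Because the first matching policy decides access, a broad allow placed ahead of a narrow deny silently overrides it. The sketch below is an added example, not Cipherscale code: it models first-match evaluation over Policy objects, lists such overridden pairs, and applies a reorder body to show the effect. Matching is simplified to users and resources only (groups, devices, rules and source IPs are ignored), and the policy data and helper names are constructed for illustration.

```python
def _ids(policy, key):
    # Policy responses carry users/resources as arrays of objects with an "id".
    return {item["id"] for item in policy.get(key, [])}


def first_match(policies, user_id, resource_id):
    """Return the first policy, by ascending order, matching user and resource."""
    for p in sorted(policies, key=lambda p: p["order"]):
        user_ok = p["allUsers"] or user_id in _ids(p, "users")
        res_ok = p["allResources"] or resource_id in _ids(p, "resources")
        if user_ok and res_ok:
            return p
    return None  # the page does not say what happens when nothing matches


def _covers(earlier, later, flag, key):
    if earlier[flag]:
        return True
    return not later[flag] and _ids(later, key) <= _ids(earlier, key)


def shadowed(policies):
    """List (earlier, later) name pairs where the later policy can never
    decide and the two actions differ, i.e. it is silently overridden."""
    ranked = sorted(policies, key=lambda p: p["order"])
    return [(a["name"], b["name"])
            for i, a in enumerate(ranked) for b in ranked[i + 1:]
            if a["action"] != b["action"]
            and _covers(a, b, "allUsers", "users")
            and _covers(a, b, "allResources", "resources")]


def apply_reorder(policies, patch_body):
    """Apply a Reorder Access Policies body ([{id, order}, ...]) to a copy."""
    new_order = {item["id"]: item["order"] for item in patch_body}
    return [dict(p, order=new_order.get(p["id"], p["order"])) for p in policies]


# Constructed sample data (short IDs for readability, not real UUIDs).
POLICIES = [
    {"id": "p-allow", "name": "Staff wiki access", "order": 1, "action": True,
     "allUsers": True, "allResources": False, "users": [],
     "resources": [{"id": "r-wiki"}]},
    {"id": "p-deny", "name": "Block contractor from wiki", "order": 2, "action": False,
     "allUsers": False, "allResources": False, "users": [{"id": "u-contractor"}],
     "resources": [{"id": "r-wiki"}]},
]
FIXED = apply_reorder(POLICIES, [{"id": "p-deny", "order": 1},
                                 {"id": "p-allow", "order": 2}])
```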

Remove Access Policy

Permanently removes an access policy from the tenant. This operation will affect network access permissions for all users and devices covered by this policy.

delete
https://public-api.cipherscale.com/qa/tenants/policies/{id}

Path Parameters

id string(uuid) required

The unique identifier (UUID) of the policy to delete

Response

204
delete /tenants/policies/{id}
 
# POLICY_ID must hold the UUID of the policy to delete (the {id} path parameter).
curl --request DELETE \
  --url "https://public-api.cipherscale.com/qa/tenants/policies/${POLICY_ID}" \
  --header 'Content-Type: application/json'
204