Search
K
Cipherscale API

PolicyDevice

object

Device information within a policy context

idstring(uuid)required

Unique identifier for the device

Example:550e8400-e29b-41d4-a716-446655440000

createdAtstring(date-time)required

Timestamp when the device was created

Example:2023-01-15T14:30:00Z

updatedAtstring(date-time)required

Timestamp when the device was last updated

Example:2023-01-15T14:30:00Z

namestringrequired

Human-readable name for the device

Example:John's MacBook Pro

activebooleanrequired

Whether the device is currently active

Example:true

lastConnectionstring(date-time)

Timestamp of the device’s last network connection

Example:2023-01-15T14:30:00Z

statusstringrequired

Current operational status of the device

Allowed values:OnlineOfflineDeactivated

Example:Online

hardwareIdstringrequired

Unique hardware identifier for the device

Example:MAC-001122334455

postureobject

Device posture information and compliance status

Example:{"compliant":true,"lastCheck":"2023-01-15T14:30:00Z"}

appVersionstring

Version of the client application running on the device

Example:1.2.3

Example
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "createdAt": "2023-01-15T14:30:00Z",
  "updatedAt": "2023-01-15T14:30:00Z",
  "name": "John's MacBook Pro",
  "active": true,
  "lastConnection": "2023-01-15T14:30:00Z",
  "status": "Online",
  "hardwareId": "MAC-001122334455",
  "posture": {
    "compliant": true,
    "lastCheck": "2023-01-15T14:30:00Z"
  },
  "appVersion": "1.2.3"
}

PolicyResource

object

Resource information within a policy context

idstring(uuid)required

Unique identifier for the resource

Example:550e8400-e29b-41d4-a716-446655440000

createdAtstring(date-time)required

Timestamp when the resource was created

Example:2023-01-15T14:30:00Z

updatedAtstring(date-time)required

Timestamp when the resource was last updated

Example:2023-01-15T14:30:00Z

namestringrequired

Human-readable name for the resource

Example:Internal Web Server

typestringrequired

Type of the network resource

Allowed values:PRIVATESAASINTERNET

Example:PRIVATE

loadBalancingModestringrequired

Load balancing configuration for this resource

Allowed values:MANUALAUTOMATIC

Default:MANUAL

Example:MANUAL

descriptionstring

Detailed description of the resource’s purpose

Example:Internal web server for company applications

Example
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "createdAt": "2023-01-15T14:30:00Z",
  "updatedAt": "2023-01-15T14:30:00Z",
  "name": "Internal Web Server",
  "type": "PRIVATE",
  "loadBalancingMode": "MANUAL",
  "description": "Internal web server for company applications"
}

Policy

object

Access policy defining who can access what resources under what conditions

idstring(uuid)required

Unique identifier for the policy

createdAtstring(date-time)required

Timestamp when the policy was created

updatedAtstring(date-time)required

Timestamp when the policy was last modified

namestringrequired

Human-readable name for the policy

actionbooleanrequired

Whether this policy allows (true) or denies (false) access

ordernumberrequired

Priority order for policy evaluation (lower numbers are evaluated first)

isDefaultbooleanrequired

Whether this is a default policy that applies to all entities

typestringrequired

Type of resources this policy applies to

Allowed values:PRIVATESAASINTERNETSITETOSITE

modestring

Access mode for this policy

Allowed values:LOCALRESTRICTEDREMOTE

allGroupsbooleanrequired

Whether this policy applies to all groups

Default:false

allUsersbooleanrequired

Whether this policy applies to all users

Default:false

allDevicesbooleanrequired

Whether this policy applies to all devices

Default:false

allResourcesbooleanrequired

Whether this policy applies to all resources

Default:false

groupsarray[object]

Group information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Engineering Team","description":"Team responsible for software development and engineering","maxDevices":10,"isSamlDefaultGroup":false,"idpMapping":["engineering-team","dev-team"]}

Show Child Parameters
usersarray[object]

User information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","lastConnection":"2023-01-15T14:30:00Z","email":"jane.smith@company.com","status":"ACTIVE","firstName":"Jane","lastName":"Smith","isOwner":false,"maxDevices":5,"image":"https://example.com/avatars/jane-smith.jpg"}

Show Child Parameters
devicesarray[object]

Device information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"John's MacBook Pro","active":true,"lastConnection":"2023-01-15T14:30:00Z","status":"Online","hardwareId":"MAC-001122334455","posture":{"compliant":true,"lastCheck":"2023-01-15T14:30:00Z"},"appVersion":"1.2.3"}

Show Child Parameters
resourcesarray[object]

Resource information within a policy context

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","createdAt":"2023-01-15T14:30:00Z","updatedAt":"2023-01-15T14:30:00Z","name":"Internal Web Server","type":"PRIVATE","loadBalancingMode":"MANUAL","description":"Internal web server for company applications"}

Show Child Parameters
gatewaysarray[object]

Network gateway configuration and status information

Show Child Parameters
sourceIpsarray[string]

Source IP addresses or ranges this policy applies to

ruleobjectrequired

Complete admission rule information with configuration and metadata

Example:{"id":"550e8400-e29b-41d4-a716-446655440000","name":"Engineering Department Access","type":"ALLOW","rule":"user.department == 'Engineering'","hasTimeConstraint":false,"createdAt":"2023-01-15T10:30:00Z","updatedAt":"2023-01-15T10:30:00Z"}

Show Child Parameters
descriptionstring

Detailed description of the policy’s purpose and scope

Example
{
  "id": "id",
  "createdAt": "createdAt",
  "updatedAt": "updatedAt",
  "name": "name",
  "action": false,
  "order": 0,
  "isDefault": false,
  "type": "PRIVATE",
  "mode": "LOCAL",
  "allGroups": false,
  "allUsers": false,
  "allDevices": false,
  "allResources": false,
  "groups": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "name": "Engineering Team",
      "description": "Team responsible for software development and engineering",
      "maxDevices": 10,
      "isSamlDefaultGroup": false,
      "idpMapping": [
        "engineering-team",
        "dev-team"
      ]
    }
  ],
  "users": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "lastConnection": "2023-01-15T14:30:00Z",
      "email": "jane.smith@company.com",
      "status": "ACTIVE",
      "firstName": "Jane",
      "lastName": "Smith",
      "isOwner": false,
      "maxDevices": 5,
      "image": "https://example.com/avatars/jane-smith.jpg"
    }
  ],
  "devices": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "name": "John's MacBook Pro",
      "active": true,
      "lastConnection": "2023-01-15T14:30:00Z",
      "status": "Online",
      "hardwareId": "MAC-001122334455",
      "posture": {
        "compliant": true,
        "lastCheck": "2023-01-15T14:30:00Z"
      },
      "appVersion": "1.2.3"
    }
  ],
  "resources": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "createdAt": "2023-01-15T14:30:00Z",
      "updatedAt": "2023-01-15T14:30:00Z",
      "name": "Internal Web Server",
      "type": "PRIVATE",
      "loadBalancingMode": "MANUAL",
      "description": "Internal web server for company applications"
    }
  ],
  "gateways": [
    {
      "id": "id",
      "createdAt": "createdAt",
      "updatedAt": "updatedAt",
      "name": "name",
      "description": "description",
      "wireguardPort": "wireguardPort",
      "status": "PENDING",
      "error": "error",
      "token": "token",
      "lastOnline": "lastOnline",
      "relayEnabled": false,
      "endpoint": "endpoint",
      "autoDiscoverEndpoint": false,
      "resources": [
        {
          "id": "550e8400-e29b-41d4-a716-446655440000",
          "name": "Internal Web Server"
        }
      ]
    }
  ],
  "sourceIps": [
    "[]"
  ],
  "rule": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Engineering Department Access",
    "type": "ALLOW",
    "rule": "user.department == 'Engineering'",
    "hasTimeConstraint": false,
    "createdAt": "2023-01-15T10:30:00Z",
    "updatedAt": "2023-01-15T10:30:00Z"
  },
  "description": "description"
}

UpdatePolicy

object

Data for updating an existing access policy

groupsarray[string]

Array of group IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440000

usersarray[string]

Array of user IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440001

devicesarray[string]

Array of device IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440002

gatewaysarray[string]

Array of gateway IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440004

resourcesarray[string]

Array of resource IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440003

rulestringrequired

Admission rule ID for this policy

Example:550e8400-e29b-41d4-a716-446655440005

namestringrequired

Human-readable name for the policy

Example:Engineering Team Access

descriptionstring

Detailed description of the policy’s purpose and scope

Example:Allows engineering team to access development resources

allGroupsbooleanrequired

Whether this policy applies to all groups

Default:false

allUsersbooleanrequired

Whether this policy applies to all users

Default:false

allDevicesbooleanrequired

Whether this policy applies to all devices

Default:false

allResourcesbooleanrequired

Whether this policy applies to all resources

Default:false

sourceIpsarray[string]

Array of source IP addresses or ranges

Example:192.168.1.0/24, 10.0.0.0/8

modestring

Access mode for this policy

Allowed values:LOCALRESTRICTEDREMOTE

Example:LOCAL

actionbooleanrequired

Whether this policy allows (true) or denies (false) access

Example:true

Example
{
  "name": "Engineering Team Access",
  "description": "Allows engineering team to access development resources",
  "mode": "LOCAL",
  "action": true,
  "allGroups": false,
  "allUsers": false,
  "allDevices": false,
  "allResources": false,
  "groups": [
    "550e8400-e29b-41d4-a716-446655440000"
  ],
  "rule": "550e8400-e29b-41d4-a716-446655440005"
}

GatewayStatus

string

Status of the gateway

Allowed values:ONLINEMAINTENANCENOT_REACHABLEERRORUNRECOGNIZED