Skip to main content
Star us on GitHub Star

Edge Client API Reference

Ziti Edge Client (0.26.20)

Download OpenAPI specification:Download

OpenZiti Edge Client API

Informational

Returns version information

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Returns all capabilities this version of the controller is aware of, enabled or not.

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Return a list of the listening Edge protocols

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Returns a list of API specs

Returns a list of spec files embedded within the controller for consumption/documentation/code geneartion

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Return a single spec resource

Returns single spec resource embedded within the controller for consumption/documentation/code geneartion

path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Returns the spec's file

Return the body of the specification (i.e. Swagger, OpenAPI 2.0, 3.0, etc).

path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
No sample

Returns version information

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Well Known

Get CA Cert Store

This endpoint is used during enrollments to bootstrap trust between enrolling clients and the Ziti Edge API. This endpoint returns a base64 encoded PKCS7 store. The content can be base64 decoded and parsed by any library that supports parsing PKCS7 stores.

Responses

Authentication

Authenticate via a method supplied via a query string parameter

Allowed authentication methods include "password", "cert", and "ext-jwt"

query Parameters
method
required
string
Enum: "password" "cert" "ext-jwt"
Request Body schema: application/json
configTypes
Array of strings (configTypes)

Specific configuration types that should be returned

object (envInfo)

Environment information an authenticating client may provide

password
string (password) [ 5 .. 100 ] characters
object (sdkInfo)

SDK information an authenticating client may provide

username
string (username) [ 4 .. 100 ] characters

Responses

Request samples

Content type
application/json
{
  • "configTypes": [
    ],
  • "envInfo": {
    },
  • "password": "string",
  • "sdkInfo": {
    },
  • "username": "string"
}

Response samples

Content type
{
  • "data": {
    },
  • "meta": {
    }
}

Complete MFA authentication

Completes MFA authentication by submitting a MFA time based one time token or backup code.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

MFA

Complete MFA authentication

Completes MFA authentication by submitting a MFA time based one time token or backup code.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Returns the current status of MFA enrollment

Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a POST /current-identity/mfa/verify.

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Initiate MFA enrollment

Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via POST /current-identity/mfa/verify

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Disable MFA for the current identity

Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via DELETE /identities/<id>/mfa.

Authorizations:
ztSessionoauth2
header Parameters
mfa-validation-code
string

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Show a QR code for unverified MFA enrollments

Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started.

Authorizations:
ztSessionoauth2

Responses

For a completed MFA enrollment view the current recovery codes

Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.

Authorizations:
ztSessionoauth2
header Parameters
mfa-validation-code
string
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

For a completed MFA enrollment regenerate the recovery codes

Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Complete MFA enrollment by verifying a time based one time token

Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via POST /current-identity/mfa.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Controllers

List controllers

Retrieves a list of controllers

Authorizations:
ztSessionoauth2
query Parameters
limit
integer
offset
integer
filter
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Current API Session

Return the current API session

Retrieves the API session that was used to issue the current request

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
{
  • "data": {
    },
  • "meta": {
    }
}

Logout

Terminates the current API session

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

List the ephemeral certificates available for the current API Session

Retrieves a list of certificate resources for the current API session; supports filtering, sorting, and pagination

Authorizations:
ztSessionoauth2
query Parameters
limit
integer
offset
integer
filter
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Creates an ephemeral certificate for the current API Session

Creates an ephemeral certificate for the current API Session. This endpoint expects a PEM encoded CSRs to be provided for fulfillment as a property of a JSON payload. It is up to the client to manage the private key backing the CSR request.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

The payload describing the CSR used to create a session certificate

csr
required
string

Responses

Request samples

Content type
application/json
{
  • "csr": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Retrieves an ephemeral certificate

Retrieves a single ephemeral certificate by id

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Delete an ephemeral certificate

Delete an ephemeral certificateby id

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Returns data indicating whether a client should updates it service list

Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate service refreshes.

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List authenticators for the current identity

Retrieves a list of authenticators assigned to the current API session's identity; supports filtering, sorting, and pagination.

Authorizations:
ztSessionoauth2
query Parameters
limit
integer
offset
integer
filter
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Retrieve an authenticator for the current identity

Retrieves a single authenticator by id. Will only show authenticators assigned to the API session's identity.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update all fields on an authenticator of this identity

Update all fields on an authenticator by id. Will only update authenticators assigned to the API session's identity.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json

An authenticator put object

password
required
string (password) [ 5 .. 100 ] characters
object or null (tags)

A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean

username
required
string (username) [ 4 .. 100 ] characters
currentPassword
required
string (password) [ 5 .. 100 ] characters

Responses

Request samples

Content type
application/json
{
  • "password": "string",
  • "tags": {
    },
  • "username": "string",
  • "currentPassword": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Update the supplied fields on an authenticator of this identity

Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API session's identity.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json

An authenticator patch object

password
string or null (passwordNullable) [ 5 .. 100 ] characters
object or null (tags)

A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean

username
string or null (usernameNullable) [ 4 .. 100 ] characters
currentPassword
required
string (password) [ 5 .. 100 ] characters

Responses

Request samples

Content type
application/json
{
  • "password": "string",
  • "tags": {
    },
  • "username": "string",
  • "currentPassword": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Allows the current identity to recieve a new certificate associated with a certificate based authenticator

This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json
clientCertCsr
required
string

Responses

Request samples

Content type
application/json
{
  • "clientCertCsr": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Allows the current identity to validate reciept of a new client certificate

After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json
clientCert
required
string

A PEM encoded client certificate previously returned after an extension request

Responses

Request samples

Content type
application/json
{
  • "clientCert": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Services

Returns data indicating whether a client should updates it service list

Retrieves data indicating the last time data relevant to this API Session was altered that would necessitate service refreshes.

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Current Identity

Return the current identity

Returns the identity associated with the API sessions used to issue the current request

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
{
  • "data": {
    },
  • "meta": {
    }
}

Return this list of Edge Routers the identity has access to

Lists the Edge Routers that the current identity has access to via policies. The data returned includes their address and online status

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Returns the current status of MFA enrollment

Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a POST /current-identity/mfa/verify.

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Initiate MFA enrollment

Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via POST /current-identity/mfa/verify

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Disable MFA for the current identity

Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via DELETE /identities/<id>/mfa.

Authorizations:
ztSessionoauth2
header Parameters
mfa-validation-code
string

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Show a QR code for unverified MFA enrollments

Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started.

Authorizations:
ztSessionoauth2

Responses

For a completed MFA enrollment view the current recovery codes

Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.

Authorizations:
ztSessionoauth2
header Parameters
mfa-validation-code
string
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

For a completed MFA enrollment regenerate the recovery codes

Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Complete MFA enrollment by verifying a time based one time token

Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via POST /current-identity/mfa.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

An MFA validation request

code
required
string

Responses

Request samples

Content type
application/json
{
  • "code": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Enroll

Allows the current identity to recieve a new certificate associated with a certificate based authenticator

This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json
clientCertCsr
required
string

Responses

Request samples

Content type
application/json
{
  • "clientCertCsr": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Allows the current identity to validate reciept of a new client certificate

After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json
clientCert
required
string

A PEM encoded client certificate previously returned after an extension request

Responses

Request samples

Content type
application/json
{
  • "clientCert": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Enroll an identity via one-time-token

present a OTT and CSR to receive a long-lived client certificate

query Parameters
token
string <uuid>
method
string

Responses

Response samples

Content type
No sample

Enroll an identity with a pre-exchanged certificate

For CA auto enrollment, an identity is not created beforehand. Instead one will be created during enrollment. The client will present a client certificate that is signed by a Certificate Authority that has been added and verified (See POST /cas and POST /cas/{id}/verify).

During this process no CSRs are requires as the client should already be in possession of a valid certificate.

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Allows verification of a controller or cluster of controllers as being the valid target for enrollment.

A caller may submit a nonce and a key id (kid) from the enrollment JWKS endpoint or enrollment JWT that will be used to sign the nonce. The resulting signature may be validated with the associated public key in order to verify a networks identity during enrollment. The nonce must be a valid formatted UUID.

Request Body schema: application/json
keyId
required
string
nonce
required
string <uuid>

Responses

Request samples

Content type
application/json
{
  • "keyId": "string",
  • "nonce": "f25f24f2-d581-4594-9824-123d5821fb65"
}

Response samples

Content type
application/json
{
  • "algorithm": "string",
  • "caPool": "string",
  • "kid": "string",
  • "signature": "string"
}

Enroll an edge-router

Enrolls an edge-router via a one-time-token to establish a certificate based identity.

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Extend the life of a currently enrolled router's certificates

Allows a router to extend its certificates' expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation or swapping.

After completion any new connections must be made with certificates returned from a 200 OK response. The previous client certificate is rendered invalid for use with the controller even if it has not expired.

This request must be made using the existing, valid, client certificate.

Request Body schema: application/json
certCsr
required
string
serverCertCsr
required
string

Responses

Request samples

Content type
application/json
{
  • "certCsr": "string",
  • "serverCertCsr": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List JSON Web Keys associated with enrollment

Returns a list of JSON Web Keys (JWKS) that are used for enrollment signing. The keys listed here are used to sign and co-sign enrollment JWTs. They can be verified through a challenge endpoint, using the public keys from this endpoint to verify the target machine has possession of the related private key.

Responses

Response samples

Content type
application/json
{
  • "keys": [
    ]
}

Enroll an identity via one-time-token

Enroll an identity via a one-time-token which is supplied via a query string parameter. This enrollment method expects a PEM encoded CSRs to be provided for fulfillment. It is up to the enrolling identity to manage the private key backing the CSR request.

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Enroll an identity via one-time-token with a pre-exchanged client certificate

Enroll an identity via a one-time-token that also requires a pre-exchanged client certificate to match a Certificate Authority that has been added and verified (See POST /cas and POST /cas{id}/verify). The client must present a client certificate signed by CA associated with the enrollment. This enrollment is similar to CA auto enrollment except that is required the identity to be pre-created.

As the client certificate has been pre-exchanged there is no CSR input to this enrollment method.

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Enroll an identity via one-time-token

Enrolls an identity via a one-time-token to establish an initial username and password combination

query Parameters
token
required
string <uuid>

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Extend Enrollment

Allows the current identity to recieve a new certificate associated with a certificate based authenticator

This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled. Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation. The response from this endpoint is a new client certificate which the client must be verified via the /authenticators/{id}/extend-verify endpoint. After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json
clientCertCsr
required
string

Responses

Request samples

Content type
application/json
{
  • "clientCertCsr": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Allows the current identity to validate reciept of a new client certificate

After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt. After receipt, the new client certificate must be used for new authentication requests.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json
clientCert
required
string

A PEM encoded client certificate previously returned after an extension request

Responses

Request samples

Content type
application/json
{
  • "clientCert": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Extend the life of a currently enrolled router's certificates

Allows a router to extend its certificates' expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation or swapping.

After completion any new connections must be made with certificates returned from a 200 OK response. The previous client certificate is rendered invalid for use with the controller even if it has not expired.

This request must be made using the existing, valid, client certificate.

Request Body schema: application/json
certCsr
required
string
serverCertCsr
required
string

Responses

Request samples

Content type
application/json
{
  • "certCsr": "string",
  • "serverCertCsr": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Edge Router

Return this list of Edge Routers the identity has access to

Lists the Edge Routers that the current identity has access to via policies. The data returned includes their address and online status

Authorizations:
ztSessionoauth2

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

External JWT Signer

List Client Authentication External JWT

Retrieves a list of external JWT signers for authentication

Authorizations:
ztSessionoauth2
query Parameters
limit
integer
offset
integer
filter
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Posture Checks

Submit a posture response to a posture query

Submits posture responses

Authorizations:
ztSessionoauth2
Request Body schema: application/json

A Posture Response

id
required
string
typeId
required
string (postureCheckType)
domain
required
string

Responses

Request samples

Content type
application/json
Example
{
  • "id": "string",
  • "typeId": "postureResponseDomainCreate",
  • "domain": "string"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Submit multiple posture responses

Submits posture responses

Authorizations:
ztSessionoauth2
Request Body schema: application/json

A Posture Response

Array
id
required
string
typeId
required
string (postureCheckType)
domain
required
string

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Service

List services

Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.

Authorizations:
ztSessionoauth2
query Parameters
limit
integer
offset
integer
filter
string
configTypes
Array of strings
roleFilter
Array of strings
roleSemantic
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Retrieves a single service

Retrieves a single service by id. Requires admin access.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Update all fields on a service

Update all fields on a service by id. Requires admin access.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json

A service update object

configs
Array of strings
encryptionRequired
boolean

Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create.

maxIdleTimeMillis
integer
name
required
string
roleAttributes
Array of strings
object or null (tags)

A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean

terminatorStrategy
string

Responses

Request samples

Content type
application/json
{
  • "configs": [
    ],
  • "encryptionRequired": true,
  • "maxIdleTimeMillis": 0,
  • "name": "string",
  • "roleAttributes": [
    ],
  • "tags": {
    },
  • "terminatorStrategy": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Delete a service

Delete a service by id. Requires admin access.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

Update the supplied fields on a service

Update the supplied fields on a service. Requires admin access.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Request Body schema: application/json

A service patch object

configs
Array of strings
encryptionRequired
boolean

Describes whether connections must support end-to-end encryption on both sides of the connection. Read-only property, set at create.

maxIdleTimeMillis
integer
name
string
roleAttributes
Array of strings
object or null (tags)

A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean

terminatorStrategy
string

Responses

Request samples

Content type
application/json
{
  • "configs": [
    ],
  • "encryptionRequired": true,
  • "maxIdleTimeMillis": 0,
  • "name": "string",
  • "roleAttributes": [
    ],
  • "tags": {
    },
  • "terminatorStrategy": "string"
}

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}

List of edge routers permitted to handle traffic for the specified service

Retrieves the list of edge routers permitted to handle traffic for the specified service

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

query Parameters
limit
integer
offset
integer
filter
string
header Parameters
session-token
string

an optional JWT token use to authenticate the request. If provided, the token must be valid else a not authorized response is returned.

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

List of terminators assigned to a service

Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

query Parameters
limit
integer
offset
integer
filter
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Session

List sessions

Retrieves a list of active sessions resources; supports filtering, sorting, and pagination.

Sessions are tied to an API session and are moved when an API session times out or logs out. Active sessions (i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active.

Authorizations:
ztSessionoauth2
query Parameters
limit
integer
offset
integer
filter
string

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "meta": {
    }
}

Create a session resource

Create a session resource.

Authorizations:
ztSessionoauth2
Request Body schema: application/json

A session to create

serviceId
string
object or null (tags)

A map of user defined fields and values. The values are limited to the following types/values: null, string, boolean

type
string (dialBind)
Enum: "Dial" "Bind" "Invalid"

Responses

Request samples

Content type
application/json
{
  • "serviceId": "string",
  • "tags": {
    },
  • "type": "Dial"
}

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Retrieves a single session

Retrieves a single session by id.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": {
    },
  • "meta": {
    }
}

Delete a session

Delete a session by id.

Authorizations:
ztSessionoauth2
path Parameters
id
required
string

The id of the requested resource

Responses

Response samples

Content type
application/json
{
  • "data": { },
  • "meta": {
    }
}