Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 61 Next »

Overview

Check the list of available endpoints and methods to modify and update domains (both common and multitenant domains) using the Provisioning API:

Endpoints and methods

Description

GET /domain see below

Get a list of all the domains in a multitenant structure.

GET /domain/{domainName} see below

Get basic information about a given domain in a multitenant structure.

GET /domain/{domainName}/retention see below

Get the price plan retention values of the given multitenant domain.

GET /domain/{domainName}/roles see below

Get details of all the roles in the given domain.

GET /domain/{domainName}/roles/{roleName} see below

Get details of a specific role in a given domain.

GET /domain/{domainName}/policies see below

Get the list of role policies available in a given domain.

GET /domain/{domainName}/applications see below

Get the list of applications available in a given domain.

GET /domain/{domainName}/resources see below

Get the list of role resources available in a given domain.

GET /domain/{domainName}/roles/vaults see below

Get the list of role vaults available in a given domain.

GET /domain/{domainName}/preferences see below

Retrieve the subset of preferences of the given domain.

GET /domain/{domainName}/preferences/limits see below

Retrieve the limits in the preferences of the given domain.

GET /domain/{domainName}/visibility see below

Returns a list of all the domains from which a root domain can access data in a multitenant structure.

GET /domain/{domainName}/auth see below

Returns the configuration info of a multitenant domain.

POST /domain see below

Create a new domain in a multitenant structure.

POST /domain/{domainName}/disable see below

Disable a multitenant domain.

POST /domain/{domainName}/enable see below

Enable a multitenant domain.

POST /domain/{domainName}/roles see below

Create a new role in a given domain.

PUT /domain/{domainName}/plan see below

Change the current plan of a multitenant domain.

PUT /domain/{domainName}/retention see below

Update the given domain plan retention configuration.

PUT /domain/{domainName}/roles see below

Update a role in a given domain.

PUT /domain/{domainName}/roles/{roleName} see below

Update a role.

PUT /domain/{domainName}/preferences see below

Update the subset of preferences of a given domain.

PUT /domain/{domainName}/preferences/limits see below

Update the limits in the preferences of a given domain.

PUT /domain/{domainName}/certificates/download see below

Download a certificate.

PUT /domain/{domainName}/auth see below

Update the configuration of a multitenant domain.

DELETE /domain/{domainName} see below

Delete a domain.

DELETE /domain/{domainName}/roles/{roleName} see below

Delete a role in a given domain.

Endpoints and methods

GET /domain

Get a list of all the domains in a multitenant structure. By default, only active domains are retrieved.

 Request

Query string parameters

Query string parameters are optionally added after the path parameters, preceded by a question mark (?) and separated by an ampersand (&)

Parameter

Type

Description

all

boolean

Set this parameter to true if you want to get all the domains, including disabled ones. The default value is false.

Find below a request example:

https://api-us.devo.com/probio/domain
 Response

Code

Description and sample body

200

Successful response. List of domains retrieved.

[
  {
    "name": "domain_1@demo",
    "plan": "default",
    "time": 36.0,
    "volume": 10.0,
    "status": "Active"
  },
  {
    "name": "domain_"@demo",
    "plan": "default",
    "time": 60.0,
    "volume": 1.3,
    "status": "Active"
  }
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}

Get basic information about a given domain in a multitenant structure.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. Using the format {domainName}@{resellerName} is optional.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName
 Response

Code

Description and sample body

200

Successful response. Domain details retrieved.

{
  "name": "domainName@resellerName",
  "plan": "default",
  "time": 36.0,
  "volume": 10.0,
  "status": "Active"
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/retention

Get the price plan retention values of the given multitenant domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/retention
 Response

Code

Description and sample body

200

Successful response. Domain retention values retrieved.

{
  "retentionUnit": "DAYS",
  "retentionValue": 1080,
  "volume": 10.0
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/roles

Get details of all the roles in the given domain, including the default ones.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domainName@resellerName/roles
 Response

Code

Description and sample body

200

Successful response. Domain roles retrieved.

[
  {
    "name": "Administrator",
    "description": null,
    "id": 724,
    "type": "ADMIN",
    "finderId": -1
  },
  {
    "name": "No Privileges",
    "description": null,
    "id": 725,
    "type": "NO_PRIVILEGES",
    "finderId": -1
  }
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/roles/{roleName}

Get details of a specific role in a given domain, either a default or a custom role.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

roleName required

string

Enter the name of the required role.

Query string parameters

Query string parameters are optionally added after the path parameters, preceded by a question mark (?) and separated by an ampersand (&)

Parameter

Type

Description

full

boolean

Set this to true if you want to get additional details about the role (assigned policies, resources, applications…). The default value is false.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/roles/Administrator?full=true
 Response

Code

Description and sample body

200

Successful response. Role info retrieved.

Parameter full set to true:

{
    "name": "Administrator",
    "description": null,
    "id": 724,
    "type": "ADMIN",
    "finderId": -1,
    "policies": [
        {
            "action": "admin_user_resources",
            "level": 5,
            "label": "policy.admin_user_resources.manage",
            "id": 142,
            "justForReseller": false
        },
        {
            "action": "lookups_restriction",
            "level": 5,
            "label": "policy.lookups_restriction.manage",
            "id": 25,
            "justForReseller": false
        },
        {
            "action": "domain-queries",
            "level": 1,
            "label": "policy.domain-queries.view",
            "id": 88,
            "justForReseller": false
        },
        {
            "action": "landing",
            "level": 1,
            "label": "policy.landing.view",
            "id": 78,
            "justForReseller": false
        },
        {
            "action": "loxcope_columns",
            "level": 5,
            "label": "policy.loxcope_columns.manage",
            "id": 121,
            "justForReseller": false
        },
        {
            "action": "lookups",
            "level": 5,
            "label": "policy.lookups.manage",
            "id": 139,
            "justForReseller": false
        },
        {
            "action": "query_management",
            "level": 1,
            "label": "policy.query_management.view",
            "id": 23,
            "justForReseller": false
        },
        {
            "action": "permalinks",
            "level": 5,
            "label": "policy.permalinks.manage",
            "id": 131,
            "justForReseller": false
        },
        {
            "action": "lookups",
            "level": 1,
            "label": "policy.lookups.view",
            "id": 137,
            "justForReseller": false
        },
        {
            "action": "go_to_query",
            "level": 1,
            "label": "policy.go_to_query.view",
            "id": 140,
            "justForReseller": false
        },
        {
            "action": "alertSM_pushover",
            "level": 5,
            "label": "policy.alertSM_pushover.manage",
            "id": 173,
            "justForReseller": false
        },
        {
            "action": "home",
            "level": 1,
            "label": "policy.home.view",
            "id": 41,
            "justForReseller": false
        },
        {
            "action": "redadaDashboards",
            "level": 5,
            "label": "policy.redadaDashboards.manage",
            "id": 157,
            "justForReseller": false
        },
        {
            "action": "http_tokens",
            "level": 5,
            "label": "policy.http_tokens.manage",
            "id": 125,
            "justForReseller": false
        }
    ],
    "applications": [],
    "dashboards": [],
    "lookups": [],
    "finder": {
        "id": -1,
        "name": "Default",
        "description": null
    },
    "defVault": {
        "id": 2,
        "name": "normal",
        "label": "vault.normal",
        "share": 2
    },
    "maxVault": {
        "id": 2,
        "name": "normal",
        "label": "vault.normal",
        "share": 2
    },
    "alertPermission": [
        {
            "level": "all",
            "granted": "all",
            "editable": 1
        }
    ],
    "activeboards": []
}

Paremeter full set to false:

{
  "name": "Administrator",
  "description": null,
  "id": 724, 
  "type": "ADMIN",
  "finderId": -1
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/policies

Get the list of role policies (or permissions) available in a given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/policies
 Response

Code

Description and sample body

200

Successful response. List of available policies retrieved.

[
  "policy.alertSM_slack.manage",
  "policy.lookups_restriction.view",
  "policy.alertSM_httpjson.manage",
  "policy.alertSM_jira.manage",
  "policy.casperables_custom.view",
  "policy.notifications.view",
  "policy.alertSM_jira.view",
  "policy.notifications.manage",
  "policy.alertSM_servicenow.manage",
  "policy.logautoparser.manage",
  "policy.landing.manage",
  "policy.relays.manage",
  "policy.users.manage",
  "policy.query_management.manage",
  "policy.alerts.view",
  "policy.alertSM_httpjson.view",
  "policy.domain_activity.view",
  "policy.userdsh.view",
  "policy.domain_connections.view",
  "policy.view_profile.view",
  "policy.permalinks.view",
  "policy.inject_myapp.view",
  "policy.redadaDashboards.manage",
  "policy.alerts_resetglobe.manage",
  "policy.lookups.view",
  "policy.inject_myapp.manage",
  "policy.home.view",
  "policy.domain_permalinks.view",
  "policy.http_tokens.view",
  "policy.alertSM_servicedesk.view",
  "policy.alertSM_email.manage",
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/applications

Get the list of applications available in a given domain, both installed and not installed.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/applications
 Response

Application codes

The response list the domain applications with their corresponding codes. Check here the codes for the most common applications in Devo. If you need to know some other app codes, get in touch with us.

Code

Description and sample body

200

Successful response. List of available applications retrieved.

[
  "app.avm",
  "lib.tracking",
  "lib.system",
  "lib.webserver",
  "app.report.firewall",
  "app.custom.SecurityInsights_1_2_0",
  "lib.appserver",
  "lib.logtrust",
  "lib.custom",
  "lib.attack""
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/resources

Get the list of role resources available in a given domain. Resources refer to lookups and activeboards created in the domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/resources
 Response

Code

Description and sample body

200

Successful response. List of available resources retrieved.

[
  {
    "id": 506,
    "name": "gondor-lookup-2",
    "description": null,
    "editable": false
  },
  {
    "id": 503,
    "name": "my-activeboard",
    "description": null,
    "editable": false
    }
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/roles/vaults

Get the list of role vaults available in a given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/roles/vaults
 Response

Code

Description and sample body

200

Successful response. List of vaults retrieved.

[
  {
    "id": 1,
    "name": "low",
    "label": "vault.low",
    "share": 1
  },
  {
    "id": 2,
    "name": "normal",
    "label": "vault.normal",
    "share": 2
  },
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/preferences

Retrieves the subset of preferences of the given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/preferences
 Response

Code

Description and sample body

200

Successful response. List of preferences retrieved.

{
  "inactivityPeriod": 10,
  "expiresSession": true,
  "getLocaleFromBrowser": true,
  "locale": 1000,
  "hideDemoTablesChecked": false,
  "loxcopeCaseSensitivity": "yes",
  "defaultRange": "1000",
  "queryForever": "yes"
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/preferences/limits

Retrieve the limits in the preferences of the given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/preferences/limits
 Response

Code

Description and sample body

200

Successful response. List of limits retrieved.

{
  "userLimit": 99999,
  "certificateLimit": 9999,
  "keyLimit": 9999
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/visibility

Returns a list of all the domains from which a root domain can access data in a multitenant structure.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/visibility
 Response

Code

Description and sample body

200

Successful response. List of domains retrieved.

[
  "domain1@multitenant",
  "domain2@multitenant",
  "domain3@multitenant"
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

GET /domain/{domainName}/auth

Returns the configuration info of a multitenant domain.

Note that this request requires multitenant API credentials.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required multitenant domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/auth
 Response

Code

Description and sample body

200

Successful response. List of domains retrieved.

[
  "domain1@multitenant",
  "domain2@multitenant",
  "domain3@multitenant"
]

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

POST /domain

Create a new domain in a multitenant structure.

 Request

Request body

The request JSON body must include the domainInfo object with the following key-value pairs:

Parameter

Type

Description

name required

string

Enter the name of the required domain.

The domain name might include the @{multitenantName} tail or not, but take into account that the full name will actually be used (for example, for name length validation).

The name value will always contain the full domain name in the response, even if you have provided only the domain name without the multitenant name tail.

plan required

string

Enter the name of the price plan. Assigning a domain to an existing, valid multitenant price plan is mandatory.

time

number

Indicate the retention time in months. The maximum value is 100.

volume

number

Enter the storage volume in GB. The maximum value is 100.

Assign an owner to the new domain

After creating a new domain, it won’t be accessible until you assign a new or existing user as the domain owner. To do this, you can use the operation described in User operations. Keep in mind that this user needs to have the role Owner.

Domain applications

When you create a new domain, all the applications that belong to the assigned price plan plus all the generic applications will be activated in the new domain.

If only the plan apps are required, the multitenant preferences need to include the property includeAllAvailableApps set to false. This change affects the subscribed alarms (adding or removing the default alarm subscriptions), and is applied when changing a multitenant plan.

Find below a request example:

https://api-us.devo.com/probio/domain

And this is an example of a request body, including the required JSON object:

{
  "name": "new-domain", 
  "plan": "default-1", 
  "time": 10.0, 
  "volume": 100.0
}
 Response

Code

Description and sample body

200

Successful response. Domain created.

{
  "name": "new-domain@myreseller", 
  "plan": "default-1", 
  "time": 10.0, 
  "volume": 100.0,
  "status" : "Active"
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

POST /domain/{domainName}/disable

Disable a multitenant domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/disable
 Response

Code

Description

200

Successful response. Domain disabled.

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

POST /domain/{domainName}/enable

Enable a multitenant domain.

Domains with the status pending cannot be activated. Also, when you try to disable or enable an already disabled or enabled domain, you will get an error response.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/enable
 Response

Code

Description and sample body

200

Successful response. Domain enabled.

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

POST /domain/{domainName}/roles

Create a new role in a given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Request body

The request JSON body must include the userInfo object with the following key-value pairs:

Parameter

Type

Description

name required

string

Enter the name of the new role.

description

string

An optional description for the role.

policies

list

The role policies (or permissions) of the new role.

If this parameter is not included, all the available policies will be added to the role. Using the value [*] or * will also add all the available policies. For an empty policy list, use [].

Example: ["policy_1", "policy_2"]

Role without policies

Note that a role without policies must have at least one application assigned, otherwise the creation operation will fail.

applications

list

Specify the applications available for the new role.

Using the value [*] or * will add all the available applications. For an empty application list, use [].

Example: ["application_1", "application_2"]

defaultApplicationName

string

The required application to use as the default one. The default application name must be among the role applications specified.

A default application name is not required when the policies list is empty (a missing registry key is interpreted as an empty list)

resources

object

A JSON object where you indicate the resources to be added to the role. You mast add an array for each resource, including its ID and access level:

  • id - (integer) ID of the resource to be added to the role

  • editable - (integer) Set the required access level for the resource. Note that you must have the required permissions to give access to a resource; otherwise, an error will be returned. Allowed values are 0 (view access) or 1 (manage access).

Example:

  "resources": [
    {
      "id": 501,
      "editable": 1
    }
  ]

resourceIds

object

Deprecated parameter

Note that this parameter is deprecated and it is recommended to use the resources parameter instead. This parameter will continue working to avoid compatibility issues.

If a request includes both schemas, the resources parameter will take precedence.

A JSON object with the resource type and a list of resources IDs. Each resource ID instance takes a name plus an integer array. The name is not really important and only exists to provide a clearer way to describe the role. Each entry resource ID list can be empty.

Using the key pair "*": [] will add all the available domain resources. For an empty resource list, use [].

Examples

Assign specific resources:

  "resourceIds": {
    "activeboard": [501]
    "lookup": [1000, 2000]
  }

No resources assigned:

  "resourceIds": {
    "activeboard": []
    "lookup": []
  }

Add all the available domain resources (lookups and activeboards):

  "resourceIds": {
    "*": []
  }

finderName

string

Optionally, enter the name of the default finder to be assigned to the role.

alertPermission

string

Level of permission over alerts that you want to grant to the new role. There are 3 options available:

  • Null value - Permissions over alerts will not be updated over any existing ones while updating a role, or will be created empty when creating a role.

  • Empty value - No permissions are given over alerts. Several policies might produce and error when the role has no permissions over any alert.

  • Specific value - The role will have permissions only over the provided alerts. This is the format to follow:

    • level - The access level to be granted. Options are: all, category (can be abbreviated as cat), subcategory (can be abbreviated as sub), and context (can be abbreviated as ctx).

    • granted - The alert ID over which the access is granted. Use all to include all alerts. For the permission to work, the level and grant value must match, meaning that
      the granted ID must belong to the specified category.

    • editable - Defines if the alert can be edited or not. Use values 1 (editable) and 0 (not editable).

 ...
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 0 }
  ],
  ...

Note that several policies require certain alert permissions to be assigned. For example, to include any policy related with alerts, permissions over at least one alert is required. Similarly, any alert management policy requires the same but for an alert with management permissions.

When the * value is used for policies, the policies assigned will depend on the alert permissions granted. In the following example, we are granting view permissions over all alerts, so the policies assigned by the wildcard will include values like policy.alerts.view but not policy.alerts.manage

{
  "name": "test-role",
  "alertPermission": [
    { "level" : "all", "granted": "all", "editable": 0 }
  ],
  "policies": "*"
}

Only name required

Only the name is actually required. If you define a role and give it a name only, a role with all the available policies, applications, and resources will be created.

Currently, these parameters cannot be changed through the API but can be requested:

Parameter

Type

Description

defVaultId

integer

The default vault (querying priority level) defined for the role.

maxVaultId

integer

The maximum vault defined to be used in the role.

Using the defVault and maxVault parameters

Admin users need some additional permissions in order to use the defVault and maxVault parameters. Please contact us if you need to use these parameters and we will grant the required permissions to your user.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/roles

And this is an example of a request body, including the required JSON object:

{
  "name": "test-role",
  "description": "test-role-description",
  "policies": "*",
  "applications": ["my-custom-app","another-app"],
  "defaultApplicationName": "my-custom-app",
  "resourceIds": {
      "activeboard": [501]
      "lookup": [1000, 2000]
  } 
  "finderName": "myFinder"
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 1 }
  ],
}
 Response

Code

Description

200

Successful response. Role created.

{
  "name": "test-role",
  "description": "test-role-description",
  "policies": "*",
  "applications": ["my-custom-app","another-app"],
  "defaultApplicationName": "my-custom-app",
  "resourceIds": {
      "activeboard": [501]
      "lookup": [1000, 2000]
  } 
  "finderName": "myFinder"
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 1 }
  ],
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

PUT /domain/{domainName}/plan

Change the current plan of a multitenant domain. The new plan must be valid for the multitenant structure and different from the current one.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Query string parameters

Query string parameters are added after the path parameters, preceded by a question mark (?) and separated by an ampersand (&)

Parameter

Type

Description

pricePlan required

string

Name of the new plan to be set.

keepRole

string

Decide what to do with users that have a custom role, that is to say, roles other than Admin and No privileges. Possible values are:

  • true - roles in the current plan will be searched in the new one and used where available. If the role of a user is not found in the new plan, they will be set to No provileges.

  • false (or null) - all custom roles will be updated to No privileges. This is the default behavior.

  • Finally, providing a specific role name will work the same as with true, but using the provided role when a matching custom role is not found. This fallback role must exist, or a bad request error will be returned.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/plan/?pricePlan=plan-name&keepRole=true
 Response

Code

Description

200

Successful response. Plan updated.

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

PUT /domain/{domainName}/retention

Update the price plan configuration (retention & volume) of a given domain. Partial updates are permitted.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Request body

The request JSON body must include the retentionConfig object with the following key-value pairs:

Parameter

Type

Description

volume

number

Enter the maximum ingestion volume.

retentionUnit

string

Specify the required unit of the retention value.. Allowed values are DAYS, MONTHS, WEEKS and YEARS.

retentionValue

integer

Required retention value.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/retention

And this is an example of a request body, including the required JSON object:

{
  "volume": 2.5,
  "retentionUnit": "MONTHS",
  "retentionValue": 6
}
 Response

Code

Description

200

Successful response. Plan updated.

{
  "volume": 2.5,
  "retentionUnit": "MONTHS",
  "retentionValue": 6
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

PUT /domain/{domainName}/roles

Updates a domain custom role in a given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Request body

The request JSON body must include the userInfo object with the following key-value pairs:

Parameter

Type

Description

name required

string

Enter the name of the role to be updated.

description

string

An optional description for the role.

policies

list

The role policies (or permissions) of the role.

If this parameter is not included, all the available policies will be added to the role. Using the value [*] or * will also add all the available policies. For an empty policy list, use [].

Example: ["policy_1", "policy_2"]

Role without policies

Note that a role without policies must have at least one application assigned, otherwise the creation operation will fail.

applications

list

Specify the applications available for the role.

Using the value [*] or * will add all the available applications. For an empty application list, use [].

Example: ["application_1", "application_2"]

defaultApplicationName

string

The required application to use as the default one. The default application name must be among the role applications specified.

A default application name is not required when the policies list is empty (a missing registry key is interpreted as an empty list.)

resourceIds

object

A JSON object with the resource type and a list of resources IDs. Each resource ID instance takes a name plus an integer array. The name is not really important and only exists to provide a clearer way to describe the role. Each entry resource ID list can be empty.

Using the key pair "*": [] will add all the available domain resources. For an empty resource list, use [].

Examples

Assign specific resources:

  "resourceIds": {
    "activeboard": [501]
    "lookup": [1000, 2000]
  }

No resources assigned:

  "resourceIds": {
    "activeboard": []
    "lookup": []
  }

Add all the available domain resources (lookups and activeboards):

  "resourceIds": {
    "*": []
  }

finderName

string

Optionally, enter the name of the default finder to be assigned to the role.

alertPermission

string

Level of permission over alerts that you want to grant to the role. There are 3 options available:

  • Null value - Permissions over alerts will not be updated over any existing ones while updating a role, or will be created empty when creating a role.

  • Empty value - No permissions are given over alerts. Several policies might produce and error when the role has no permissions over any alert.

  • Specific value - The role will have permissions only over the provided alerts. This is the format to follow:

    • level - The access level to be granted. Options are: all, category (can be abbreviated as cat), subcategory (can be abbreviated as sub), and context (can be abbreviated as ctx).

    • granted - The alert ID over which the access is granted. Use all to include all alerts. For the permission to work, the level and grant value must match, meaning that
      the granted ID must belong to the specified category.

    • editable - Defines if the alert can be edited or not. Use values 1 (editable) and 0 (not editable).

 ...
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 0 }
  ],
  ...

Note that several policies require certain alert permissions to be assigned. For example, to include any policy related with alerts, permissions over at least one alert is required. Similarly, any alert management policy requires the same but for an alert with management permissions.

When the * value is used for policies, the policies assigned will depend on the alert permissions granted. In the following example, we are granting view permissions over all alerts, so the policies assigned by the wildcard will include values like policy.alerts.view but not policy.alerts.manage

{
  "name": "test-role",
  "alertPermission": [
    { "level" : "all", "granted": "all", "editable": 0 }
  ],
  "policies": "*"
}

Only name required

Only the name is actually required. If you define a role and give it a name only, a role with all the available policies, applications, and resources will be created.

Currently, these parameters cannot be changed through the API but can be requested:

Parameter

Type

Description

defVaultId

integer

The default vault (querying priority level) defined for the role.

maxVaultId

integer

The maximum vault defined to be used in the role.

Using the defVault and maxVault parameters

Admin users need some additional permissions in order to use the defVault and maxVault parameters. Please contact us if you need to use these parameters and we will grant the required permissions to your user.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/roles

And this is an example of a request body, including the required JSON object:

{
  "name": "test-role",
  "description": "test-role-description",
  "policies": "*",
  "applications": ["my-custom-app","another-app"],
  "defaultApplicationName": "my-custom-app",
  "resourceIds": {
      "activeboard": [501]
      "lookup": [1000, 2000]
  } 
  "finderName": "myFinder"
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 1 }
  ],
}
 Response

Code

Description

200

Successful response. Role updated.

{
  "name": "test-role",
  "description": "test-role-description",
  "policies": "*",
  "applications": ["my-custom-app","another-app"],
  "defaultApplicationName": "my-custom-app",
  "resourceIds": {
      "activeboard": [501]
      "lookup": [1000, 2000]
  } 
  "finderName": "myFinder"
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 1 }
  ],
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

PUT /domain/{domainName}/roles/{roleName}

Updates a domain custom role.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

roleName required

string

Enter the name of the role to be updated.

Request body

The request JSON body must include the userInfo object with the following key-value pairs:

Parameter

Type

Description

name required

string

Enter the name of the role to be updated.

description

string

An optional description for the role.

policies

list

The role policies (or permissions) of the role.

If this parameter is not included, all the available policies will be added to the role. Using the value [*] or * will also add all the available policies. For an empty policy list, use [].

Example: ["policy_1", "policy_2"]

Role without policies

Note that a role without policies must have at least one application assigned, otherwise the creation operation will fail.

applications

list

Specify the applications available for the role.

Using the value [*] or * will add all the available applications. For an empty application list, use [].

Example: ["application_1", "application_2"]

defaultApplicationName

string

The required application to use as the default one. The default application name must be among the role applications specified.

A default application name is not required when the policies list is empty (a missing registry key is interpreted as an empty list.)

resourceIds

object

A JSON object with the resource type and a list of resources IDs. Each resource ID instance takes a name plus an integer array. The name is not really important and only exists to provide a clearer way to describe the role. Each entry resource ID list can be empty.

Using the key pair "*": [] will add all the available domain resources. For an empty resource list, use [].

Examples

Assign specific resources:

  "resourceIds": {
    "activeboard": [501]
    "lookup": [1000, 2000]
  }

No resources assigned:

  "resourceIds": {
    "activeboard": []
    "lookup": []
  }

Add all the available domain resources (lookups and activeboards):

  "resourceIds": {
    "*": []
  }

finderName

string

Optionally, enter the name of the default finder to be assigned to the role.

alertPermission

string

Level of permission over alerts that you want to grant to the role. There are 3 options available:

  • Null value - Permissions over alerts will not be updated over any existing ones while updating a role, or will be created empty when creating a role.

  • Empty value - No permissions are given over alerts. Several policies might produce and error when the role has no permissions over any alert.

  • Specific value - The role will have permissions only over the provided alerts. This is the format to follow:

    • level - The access level to be granted. Options are: all, category (can be abbreviated as cat), subcategory (can be abbreviated as sub), and context (can be abbreviated as ctx).

    • granted - The alert ID over which the access is granted. Use all to include all alerts. For the permission to work, the level and grant value must match, meaning that
      the granted ID must belong to the specified category.

    • editable - Defines if the alert can be edited or not. Use values 1 (editable) and 0 (not editable).

 ...
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 0 }
  ],
  ...

Note that several policies require certain alert permissions to be assigned. For example, to include any policy related with alerts, permissions over at least one alert is required. Similarly, any alert management policy requires the same but for an alert with management permissions.

When the * value is used for policies, the policies assigned will depend on the alert permissions granted. In the following example, we are granting view permissions over all alerts, so the policies assigned by the wildcard will include values like policy.alerts.view but not policy.alerts.manage

{
  "name": "test-role",
  "alertPermission": [
    { "level" : "all", "granted": "all", "editable": 0 }
  ],
  "policies": "*"
}

Only name required

Only the name is actually required. If you define a role and give it a name only, a role with all the available policies, applications, and resources will be created.

Currently, these parameters cannot be changed through the API but can be requested:

Parameter

Type

Description

defVaultId

integer

The default vault (querying priority level) defined for the role.

maxVaultId

integer

The maximum vault defined to be used in the role.

Using the defVault and maxVault parameters

Admin users need some additional permissions in order to use the defVault and maxVault parameters. Please contact us if you need to use these parameters and we will grant the required permissions to your user.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/roles

And this is an example of a request body, including the required JSON object:

{
  "name": "test-role",
  "description": "test-role-description",
  "policies": "*",
  "applications": ["my-custom-app","another-app"],
  "defaultApplicationName": "my-custom-app",
  "resourceIds": {
      "activeboard": [501]
      "lookup": [1000, 2000]
  } 
  "finderName": "myFinder"
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 1 }
  ],
}
 Response

Code

Description

200

Successful response. Role updated.

{
  "name": "test-role",
  "description": "test-role-description",
  "policies": "*",
  "applications": ["my-custom-app","another-app"],
  "defaultApplicationName": "my-custom-app",
  "resourceIds": {
      "activeboard": [501]
      "lookup": [1000, 2000]
  } 
  "finderName": "myFinder"
  "alertPermission": [
    { "level" : "all", 
      "granted": "all", 
      "editable": 1 }
  ],
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

PUT /domain/{domainName}/preferences

Update the subset of preferences of a given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Request body

The request JSON body must include the spec object with the following key-value pairs:

Parameter

Type

Description

inactivityPeriod required

number

Specify the period of time during which a user can be inactive (that is, not interact with the system in any way) without any impact on their session. After the inactivity period expires, the user is locked out of the session and must log back in to continue working with Devo.

This is valid only when the expiresSession parameter is set to true.

expiresSession

boolean

Select if you want to set an inactivity timeout for domain session. Otherwise, user sessions remain open until manually closed.

getLocaleFromBrowser

boolean

Set this parameter to true to use the language configured in your web browser.

If your browser language is not supported by Devo, English is the language automatically applied.

You can only use this parameter if you don’t include the parameter locale, or set it to false.

locale

string

Specify the language of the application. This can be overridden in a user's individual preferences.

hideDemoTablesChecked

booleang

Check this box to hide the demo* tables in the finder.

loxcopeCaseSensitivity

string

Some query operations have a case-sensitive and a case insensitive version. You can choose which one is used by default when both options exist. There are two options available:

  • case sensitive - Set case sensitive operations as default for operations that have both options.

  • case insensitive - Set case insensitive operations as default for operations that have both options.

defaultRange

string

Specify the time range that determines which events to load by default. The maximum is 24 hours. This applies to all users and all data tables in the domain.

queryForever

string

Select to activate real-time data flow by default when opening a data table or query. Otherwise, data tables open with a time range whose end date corresponds to the moment they were opened.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/preferences

And this is an example of a request body, including the required JSON object:

{
    "inactivityPeriod": 10,
    "expiresSession": true,
    "getLocaleFromBrowser": true,
    "locale": 1000,
    "hideDemoTablesChecked": false,
    "loxcopeCaseSensitivity": "yes",
    "defaultRange": "1000"
}
 Response

Code

Description

200

Successful response. Preferences updated.

{
    "inactivityPeriod": 10,
    "expiresSession": true,
    "getLocaleFromBrowser": true,
    "locale": 1000,
    "hideDemoTablesChecked": false,
    "loxcopeCaseSensitivity": "yes",
    "defaultRange": "1000"
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

PUT /domain/{domainName}/preferences/limits

Update the limits in the preferences of a given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Request body

The request JSON body must include the spec object with the following key-value pairs:

Parameter

Type

Description

userLimit

number

Specify the limit of users in the domain.

certificateLimit

number

Specify the number of certificates that can be created in a domain.

keyLimit

number

Specify the number of access keys that can be created in a domain

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/preferences/limits

And this is an example of a request body, including the required JSON object:

{
  "userLimit": 99999,
  "certificateLimit": 9999,
  "keyLimit": 9999
}
 Response

Code

Description

200

Successful response. Limits updated.

{
  "userLimit": 99999,
  "certificateLimit": 9999,
  "keyLimit": 9999
}

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

PUT /domain/{domainName}/certificates/download

Download the certificates of a given domain.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. For multitenant domains, enter the full domain name using the format {domainName}@{resellerName}

Query string parameters

Query string parameters are added after the path parameters, preceded by a question mark (?) and separated by an ampersand (&)

Parameter

Type

Description

name

string

Name of the certificate to be downloaded. Note that this is the name that appears in the Administration → Credentials → X.509 Certificates area.

pwd

string

Password of the required certificate. This is the password for the private key in the Administration → Credentials → X.509 Certificates area.

type

string

Type of certificate to be downloaded. Possible values are pkcs12, tar, jks, or bks (default value is pkcs12).

Depending on the parameters given, the behavior will be different:

  • Name and password provided → The service will look for a certificate matching the given values. A failure response will be sent on errors.

  • Name given, but no password provided → The service will assume the domain API secret as the certificate password. If the certificate exists but has a different password, an error will be returned.

  • No name nor password →  In this case, a certificate named '{domainName}_0' will be used, creating it when not found, and using the domain API secret as the password.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/certificates/download

PUT /domain/{domainName}/auth

Updates the configuration info of a multitenant domain.

Note that this request requires multitenant API credentials.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Request body

The request JSON body must include the saml2 , openid or password object with the following key-value pairs:

SAML

Parameter

Type

Description

active

boolean

Set this parameter to true to activate this method.

userProvisioning

boolean

Set this parameter to true to automatically register the new user during the authentication process.

roleMapping

boolean

Set this parameter to true to link your external roles with the ones in your Devo domain.

usePostMappingRequest

boolean

Set this parameter to true to use a POST-Binding workflow instead of HTTP-Redirect.

idp

array

Include the following parameters in this array:

  • id (string)

  • ssoUrl (string)

  • certificate (string)

  • nameIdFormat (string)

Learn more about this parameters in this article.

sp

array

Include the following parameters in this array:

  • acsUrl (string)

  • id (string)

  • homeUrl (string)

Learn more about this parameters in this article.

OpenID

Parameter

Type

Description

active

boolean

Set this parameter to true to activate this method.

userProvisioning

boolean

Set this parameter to true to automatically register the new user during the authentication process.

roleMapping

boolean

Set this parameter to true to link your external roles with the ones in your Devo domain.

idp

array

Include the following parameters in this array:

  • id (string)

  • secret (string)

  • ssoUrl (string)

  • certificate (string)

  • nameIdFormat (string)

Learn more about these parameters in this article.

sp

array

Include the following parameters in this array:

  • homeUrl (string)

Learn more about these parameters in this article.

Password

Parameter

Type

Description

active

boolean

Set this parameter to true to activate this method.

mfaActive

boolean

Set this parameter to true to enable MFA (Multi-factor authentication). Learn more about this authentication method in this article.

mfaSkip

boolean

Set this parameter to true if you want to make MFA optional for your domain users temporarily. Learn more about this in this article.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/auth

And these are examples of the required JSON bodies:

SAML

{
  "saml2": {
      "active": false,
      "userProvisioning": true,
      "roleMapping": true,
      "usePostMappingRequest": true,
      "sp": {
          "homeUrl": "",
          "acsUrl": "",
          "id": ""
      },
      "idp": {
          "id": "",
          "ssoUrl": "",
          "certificate": "",
          "nameIdFormat": ""
      }
   }  
}

OpenID

{
   "openid": {
        "active": false,
        "userProvisioning": true,
        "roleMapping": true,
        "sp": {
            "homeUrl": ""
        },
        "idp": {
            "id": "",
            "secret": "",
            "ssoUrl": "",
            "tokenUrl": "",
            "userInfoUrl": ""
        }
    }
}

Password

{    
    "password": {
        "active": true,
        "mfaActive": true,
        "mfaSkip": true
    }
}

DELETE /domain/{domainName}

Delete a multitenant domain. This will additionally delete all user domains belonging to the multitenant domain. Any user that ends up without at least one user domain will be deleted as well.

Note that this request requires multitenant API credentials.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName
 Response

Code

Description

200

Successful response. Domain deleted.

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

DELETE /domain/{domainName}/roles/{roleName}

Delete a role in a given domain. Note that a role cannot be deleted while it is assigned to a user.

 Request

Path parameters

Add the following path parameters as part of the endpoint:

Parameter

Type

Description

domainName required

string

Enter the name of the required domain. You must enter the full domain name using the format {domainName}@{resellerName}

roleName required

string

Enter the name of the role to be deleted.

Find below a request example:

https://api-us.devo.com/probio/domain/domainName@resellerName/roles/myRole
 Response

Code

Description

200

Successful response. Role deleted.

400

Bad request.

{
  "code": {
    "10": "Invalid signature"
  },
  "message": "string"
}

  • No labels