SaaS IP/Geo Access API Resources

The SaaS IP/Geo Access API enables you to create and manage rules to allow or deny access to a SaaS application based on IP addresses/CIDR lists or geographic location.

NOTE: This API is currently in beta.

API Summary

Operation Method Endpoint
Policies
Create a Policy POST /config-saas-rules/v2/policies{?cloneId,contractId,groupId}
List Policy Maps GET /config-saas-rules/v2/policyInfoMaps{?contractId,groupId}
Get a Policy GET /config-saas-rules/v2/policies/{id}
Modify a Policy PUT /config-saas-rules/v2/policies/{id}
List Policy Information GET /config-saas-rules/v2/policyInfoList/{policyId}
Policy Activations
Activate a Policy PUT /config-saas-rules/v2/activations/{?network,ids,historyOnly}
List Policy Activations GET /config-saas-rules/v2/activations/{?network,ids,historyOnly}

Create a Policy

Create a new SaaS Access policy.

NOTE: If a policy already exists with the same policy name, you will receive a 409 (Conflict) status, and the message body will contain the existing policy.

POST /config-saas-rules/v2/policies{?cloneId,contractId,groupId}

Example: /config-saas-rules/v2/policies?cloneId=1–1TJZH5&contractId=1–1TJZH5&groupId=15225

Content-Type: application/json

Request:

{
    "policyManagerRequest": {
        "command": "create",
        "create": {
            "cloudletId": "2",
            "policyName": "UniquePolicyName",
            "policyDescription": "TestPolicy3 description.",
            "matchRules": [
                {
                    "type": "saMatchRule",
                    "end": 0,
                    "id": 0,
                    "matches": [
                        {
                            "caseSensitive": false,
                            "matchOperator": "contains",
                            "matchType": "clientip",
                            "matchValue": "192.168.0.1/24",
                            "negate": false
                        },
                        {
                            "caseSensitive": false,
                            "matchOperator": "contains",
                            "matchType": "country",
                            "matchValue": "US",
                            "negate": false
                        }
                    ],
                    "name": "rule 1",
                    "start": 0
                }
            ]
        }
    }
}

Parameter Type Sample Description
Optional
cloneId String 1-1TJZH5 If cloning an existing policy, this identifies the policy you want to clone.
contractId String 1-1TJZH5 Unique contract identifier.
groupId String 15225 Unique group identifier.

Status 200 application/json

Response:

{
    "responseCode": 0,
    "response": [
        {
            "id": 436,
            "policyId": 1001,
            "createdBy": "cloudlets",
            "createDate": 1400601368151,
            "acgId": "3-10TQKCS",
            "version": 2,
            "immutable": false,
            "activatedProduction": 0,
            "activatedStaging": 0,
            "activatedTest": 0,
            "description": "Description for all policy versions",
            "policyName": "Test1",
            "assetId": 0,
            "cloudletId": 2,
            "cloudletConfig": {},
            "policyDescription": null,
            "policyCreatedBy": "cloudlets",
            "policyLastModifiedBy": "cloudlets",
            "policyCreateDate": 1400535431324,
            "policyLastModifiedDate": 1400601173283,
            "matchRules": null
        }
    ],
    "i18nCode": 0,
    "englishMessage": null
}

List Policy Maps

Gets useful information about all policies.

GET /config-saas-rules/v2/policyInfoMaps{?contractId,groupId}

Example: /config-saas-rules/v2/policyInfoMaps?contractId=1–1TJZH5&groupId=15225

Parameter Type Sample Description
Optional
contractId String 1-1TJZH5 Filters by the contract ID.
groupId String 15225 Filters by the group ID.

Status 200 application/json

Response:

{
    "responseCode": 0,
    "response": [
        {
            "id": 102,
            "policyId": 101,
            "createdBy": "username",
            "createDate": 1399880615407,
            "acgId": "3-10TQKCS",
            "version": 1,
            "immutable": false,
            "activatedProduction": 0,
            "activatedStaging": 0,
            "activatedTest": 0,
            "description": null,
            "policyName": "username_test",
            "assetId": 0,
            "cloudletId": 2,
            "cloudletConfig": {
                "id": 0,
                "key": "SA",
                "name": "SAASACCESS",
                "featureKey": "saasdefinitions",
                "engProduct": "Multiple",
                "policyFileNamePrefix": "nimbus_",
                "openAPIContextRoot": "/config-saas-rules",
                "isInternal": true,
                "stagingLocation": "tapioca_staging_ump_files",
                "productionLocation": "tapioca_ump_files",
                "logsLocation": null
            },
            "policyDescription": "THStark - to get familiar for RBMH",
            "policyCreatedBy": "username",
            "policyLastModifiedBy": "username",
            "policyCreateDate": 1399880598512,
            "policyLastModifiedDate": 1399880615407,
            "matchRules": null
        }
    ],
    "i18nCode": 0,
    "englishMessage": null
}

Get a Policy

Get details for a single policy.

The id is specific to each policy. The id is returned in the response when you create a new policy or retrieve a list of all policies.

NOTE: The matchRules section of the response includes the rule configuration.

GET /config-saas-rules/v2/policies/{id}

Example: /config-saas-rules/v2/policies/1133

Parameter Type Sample Description
Required
id Integer 1133 Unique policy identifier.

Status 200 application/json

Response:

{
    "responseCode": 0,
    "response": {
        "id": 1133,
        "policyId": 686,
        "createdBy": "cloudlets",
        "createDate": 1407339219183,
        "acgId": "3-10TQKCS",
        "version": 1,
        "immutable": false,
        "activatedProduction": 0,
        "activatedStaging": 0,
        "activatedTest": 0,
        "description": "Default description for all versions",
        "policyName": "1SAPolicy",
        "assetId": 0,
        "cloudletId": 2,
        "cloudletConfig": {
            "id": 0,
            "key": "SA",
            "name": "SAASACCESS",
            "featureKey": "saasdefinitions",
            "engProduct": "Multiple",
            "policyFileNamePrefix": "nimbus_",
            "openAPIContextRoot": "/config-saas-rules",
            "isInternal": true,
            "stagingLocation": "tapioca_staging_ump_files",
            "productionLocation": "tapioca_ump_files",
            "logsLocation": null
        },
        "policyDescription": "Sample Description",
        "policyCreatedBy": "cloudlets",
        "policyLastModifiedBy": "cloudlets",
        "policyCreateDate": 1407160924865,
        "policyLastModifiedDate": 1407339219183,
        "matchRules": [
            {
                "type": "saMatchRule",
                "end": 0,
                "id": 0,
                "matches": [
                    {
                        "caseSensitive": false,
                        "matchOperator": "contains",
                        "matchType": "clientip",
                        "matchValue": "10.0.0.5/24 192.168.0.1",
                        "negate": false
                    },
                    {
                        "caseSensitive": false,
                        "matchOperator": "contains",
                        "matchType": "country",
                        "matchValue": "US",
                        "negate": false
                    }
                ],
                "name": "rule 1",
                "start": 0
            }
        ]
    },
    "i18nCode": 0,
    "englishMessage": null
}

Modify a Policy

Make updates to an existing policy.

The id is specific to each policy. The id is returned in the response when you create a new policy or retrieve a list of all policies.

NOTE: The response will contain a new ID.

PUT /config-saas-rules/v2/policies/{id}

Example: /config-saas-rules/v2/policies/1133

Content-Type: application/json

Request:

{
    "policyManagerRequest": {
        "command": "update",
        "update": {
            "overwriteRules": true,
            "id": 435,
            "policyId": 122,
            "createdBy": "cloudlets",
            "createDate": 1400782263395,
            "version": 10,
            "immutable": false,
            "activatedProduction": 0,
            "activatedStaging": 0,
            "activatedTest": 0,
            "description": "Save a new version",
            "policyName": "14_3SA_Policy",
            "assetId": 7939169,
            "cloudletId": 2,
            "cloudletConfig": {},
            "policyDescription": "specific version description",
            "policyCreatedBy": "username",
            "policyLastModifiedBy": "cloudlets",
            "policyCreateDate": 1399997852450,
            "policyLastModifiedDate": 1400782263395,
            "matchRules": [
                {
                    "type": "saMatchRule",
                    "end": 0,
                    "id": 0,
                    "name": "rule 1",
                    "start": 0
                }
            ]
        }
    }
}

Parameter Type Sample Description
Required
id Integer 1133 Unique policy identifier.

Status 200 application/json

Response:

{
    "responseCode": 0,
    "response": {
        "id": 436,
        "policyId": 1001,
        "createdBy": "cloudlets",
        "createDate": 1400782263395,
        "acgId": "3-10TQKCS",
        "version": 10,
        "immutable": false,
        "activatedProduction": 0,
        "activatedStaging": 0,
        "activatedTest": 0,
        "description": "Save a new version",
        "policyName": "14_3SA_Policy",
        "assetId": 7939169,
        "cloudletId": 2,
        "cloudletConfig": {},
        "policyDescription": "specific version description",
        "policyCreatedBy": "username",
        "policyLastModifiedBy": "username2",
        "policyCreateDate": 1399997852450,
        "policyLastModifiedDate": 1400782263395,
        "matchRules": [
            {
                "type": "saMatchRule",
                "end": 0,
                "id": 0,
                "matches": [
                    {
                        "caseSensitive": false,
                        "matchOperator": "contains",
                        "matchType": "clientip",
                        "matchValue": "10.0.0.5/24 192.168.0.1",
                        "negate": false
                    },
                    {
                        "caseSensitive": false,
                        "matchOperator": "contains",
                        "matchType": "country",
                        "matchValue": "US",
                        "negate": false
                    }
                ],
                "name": "rule 1",
                "start": 0
            }
        ]
    },
    "i18nCode": 0,
    "englishMessage": null
}

List Policy Information

List all information about each policy version, except for the matchRules.

The policyId is associated with all versions of a policy. The policyId is returned in the response when you create a new policy, update a policy, or retrieve policy information.

GET /config-saas-rules/v2/policyInfoList/{policyId}

Example: /config-saas-rules/v2/policyInfoList/243

Parameter Type Sample Description
Required
policyId Integer 243 Associated with all versions of a policy.

Status 200 application/json

Response:

{
    "responseCode": 0,
    "response": [
        {
            "id": 351,
            "policyId": 243,
            "createdBy": "ccare2",
            "createDate": 1403050992316,
            "acgId": "3-10TQKCS",
            "version": 1,
            "immutable": false,
            "activatedProduction": 0,
            "activatedStaging": 0,
            "activatedTest": 0,
            "description": null,
            "policyName": "Test_SA_Policy",
            "assetId": 0,
            "cloudletId": 2,
            "cloudletConfig": {
                "id": 0,
                "key": "SA",
                "name": "SAASACCESS",
                "featureKey": "saasdefinitions",
                "engProduct": "Multiple",
                "policyFileNamePrefix": "nimbus_",
                "openAPIContextRoot": "/config-saas-rules",
                "isInternal": true,
                "stagingLocation": "tapioca_staging_ump_files",
                "productionLocation": "tapioca_ump_files",
                "logsLocation": null
            },
            "policyDescription": null,
            "policyCreatedBy": "cloudletsuser",
            "policyLastModifiedBy": "testuser2",
            "policyCreateDate": 1403036738153,
            "policyLastModifiedDate": 1405438191162,
            "matchRules": null
        }
    ],
    "i18nCode": 0,
    "englishMessage": null
}

Activate a Policy

Activate the selected cloudlet policy. The generated policy file propagates to the selected network. After activation completes, the policy is available for use.

PUT /config-saas-rules/v2/activations/{?network,ids,historyOnly}

Example: /config-saas-rules/v2/activations/?network=staging&ids=9,121,436&historyOnly=false

Parameter Type Sample Description
Optional
historyOnly Boolean false If enabled, only the policy activation history is returned. Otherwise policies available for activation are also included.
ids String 9,121,436 A comma-separated list of IDs you want to activate.
network String staging The network (production or staging) onto which you want to activate policies.

Status 200

List Policy Activations

List the activated property configurations.

GET /config-saas-rules/v2/activations/{?network,ids,historyOnly}

Example: /config-saas-rules/v2/activations/?network=staging&ids=9,121,436&historyOnly=false

Parameter Type Sample Description
Optional
historyOnly Boolean false If enabled, only the policy activation history is returned. Otherwise policies available for activation are also included.
ids String 9,121,436 A comma-separated list of IDs you want to activate.
network String staging The network (production or staging) onto which you want to activate policies.

Status 200 application/json

Response:

[
    {
        "version": "2",
        "userData": "",
        "propertyVersionId": "1876276",
        "stagingStatus": "ACTIVE",
        "policies": [
            {
                "policyName": "Test_Policy_4_21",
                "cloudletId": 2,
                "versions": [
                    {
                        "version": "1",
                        "acgId": "3-10TQKCS",
                        "policyVersionId": 9
                    },
                    {
                        "version": "2",
                        "acgId": "3-10TQKCS",
                        "policyVersionId": 15
                    },
                    {
                        "version": "3",
                        "acgId": "3-10TQKCS",
                        "policyVersionId": 82
                    }
                ],
                "id": 9
            }
        ],
        "productionStatus": "DEACTIVATED",
        "fileId": 180234,
        "assetId": 7750603,
        "activatedPolicyVersions": [
            {
                "policies": [
                    {
                        "policyName": "Test_Policy_4_21",
                        "cloudletId": 2,
                        "versions": [
                            {
                                "version": "3",
                                "acgId": "3-10TQKCS",
                                "policyVersionId": 82
                            }
                        ],
                        "id": 9
                    }
                ],
                "productionStatus": null,
                "fileId": 180234,
                "assetId": 7750603,
                "createdBy": "cloudlets",
                "productionLastUpdated": null,
                "stageLastUpdated": 1400615879000,
                "stageStatus": "4000",
                "propertyName": "demo.cloudlets-akamai.com",
                "id": 161,
                "type": "ump"
            },
            {
                "policies": [
                    {
                        "policyName": "Test_Policy_4_21",
                        "cloudletId": 2,
                        "versions": [
                            {
                                "version": "3",
                                "acgId": "3-10TQKCS",
                                "policyVersionId": 82
                            }
                        ],
                        "id": 9
                    }
                ],
                "productionStatus": null,
                "fileId": 180234,
                "assetId": 7750603,
                "createdBy": "cloudlets",
                "productionLastUpdated": null,
                "stageLastUpdated": 1400528573000,
                "stageStatus": "4000",
                "propertyName": "demo.cloudlets-akamai.com",
                "id": 121,
                "type": "ump"
            },
            {
                "policies": [
                    {
                        "policyName": "Test_Policy_4_21",
                        "cloudletId": 2,
                        "versions": [
                            {
                                "version": "3",
                                "acgId": "3-10TQKCS",
                                "policyVersionId": 82
                            }
                        ],
                        "id": 9
                    }
                ],
                "productionStatus": null,
                "fileId": 180234,
                "assetId": 7750603,
                "createdBy": "username",
                "productionLastUpdated": null,
                "stageLastUpdated": 1399605398000,
                "stageStatus": "4000",
                "propertyName": "demo.cloudlets-akamai.com",
                "id": 42,
                "type": "ump"
            },
            {
                "policies": [
                    {
                        "policyName": "Test_Policy_4_21",
                        "cloudletId": 2,
                        "versions": [
                            {
                                "version": "2",
                                "acgId": "3-10TQKCS",
                                "policyVersionId": 15
                            }
                        ],
                        "id": 9
                    }
                ],
                "productionStatus": "4000",
                "fileId": 180234,
                "assetId": 7750603,
                "createdBy": "username",
                "productionLastUpdated": 1398269199000,
                "stageLastUpdated": null,
                "stageStatus": null,
                "propertyName": "demo.cloudlets-akamai.com",
                "id": 2,
                "type": "ump"
            },
            {
                "policies": [
                    {
                        "policyName": "Test_Policy_4_21",
                        "cloudletId": 2,
                        "versions": [
                            {
                                "version": "2",
                                "acgId": "3-10TQKCS",
                                "policyVersionId": 15
                            }
                        ],
                        "id": 9
                    }
                ],
                "productionStatus": null,
                "fileId": 180234,
                "assetId": 7750603,
                "createdBy": "username",
                "productionLastUpdated": null,
                "stageLastUpdated": 1398218268000,
                "stageStatus": "4000",
                "propertyName": "demo.cloudlets-akamai.com",
                "id": 1,
                "type": "ump"
            }
        ],
        "tokens": [ "Test_Policy_4_21" ],
        "featureKey": "saasdefinitions",
        "name": "demo.cloudlets-akamai.com"
    }
]


Last modified: 12/12/2016