API
  • 29 Apr 2024
  • 10 Minutes to read
  • Contributors

    API


      Article summary

      About Harmony SASE

      Harmony SASE provides secure access to local networks, applications and cloud infrastructures with one unified platform. By transforming the outdated, hardware-based security appliances into a cloud-based SaaS solution, we are simplifying network security for the modern and distributed workforce and helping organizations of all sizes and in many industries to secure their remote workers.

      Classes

      The main path classes are Users, Groups, Addons, and Networks.

      • Users, also known as members, belong to Groups.
      • Groups consist of applications, networks, VPN locations, and users.
      • Addons consist of license and billing information for members and gateways, and form the basis of a Subscription.
      • Networks hold information, such as geographic location, regions, health status, and details about instances and regional identity providers.

      See Schemas below.

      Getting Started

      In order to access the Harmony SASE API, the user must belong to either the Premium Plus or Enterprise plan. If the user does not belong to one of the plans, in the workspace Settings page, the message ‘Your current plan doesn’t include API Support’ will appear under API Support.

      Authentication and Authorization

      The Swagger Editor (https://editor.swagger.io) is the gateway for the actual API environment.

      Harmony SASE uses two-step secure tokens for authentication. The first token, known as the API key, is used to generate the second token, a time-based access token.

      Following are instructions for generating the tokens.

      1. In the web client API Support page, select Generate New Token.
      2. In the Generate New Token dialog box, enter the name of the token in the Name box.
      3. In the Expiration Date list, select an expiration date or the default ‘Never’.
      4. In the Define token section, select the needed permissions, such as ‘View list of users’, ‘Add a new member’, and ‘Delete’, in the list.
      5. Select Generate to create the first token.
      6. At the top of the API Support page, the ‘Token was generated successfully. Copied to clipboard’ message will appear. In the Active Tokens list, you can see the new token.
      7. Generate the access token with a call to the POST /v1/auth/authorize endpoint, described below.
      8. In the Swagger UI, select Authorize.
      9. In the Authorize prompt, paste the access token generated by the API call.

      The time-based access token is generated. Now you can use any of the APIs in the Swagger environment within the time limit of the access token.

      Following is the Authorize call:

      POST /v1/auth/authorize

      Each access token expires at the end of 1 hour.

      Parameters: None

      Request Body:

      Property Data TypeDescription
      grantTypeStringAuthorize request type: 'api_key'.
      apiKeyStringAPI key from Generate New Token in the web client.

      Request Example:

      curl -X ‘POST’ \  ‘https://api.perimeter81.biz/api/rest/v1/auth/authorize’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \  -d ‘{      "grantType": "api_key",      "apiKey": "[KEY-FROM-GENERATE]"}’

      Response:

      Status Code

      Message/JSON Response Body

      Description

      200

      See Response Body table below.

      Success. Access token and expiration time returned.

      Response Body:

      PropertyData TypeDescription

      data

      Object

      Return object with access token and its expiration timestamp.

      token

      String

      Type of token. Value is ‘bearer’.

      accessToken

      String

      Access token. Expires according to accessTokenExpire.

      accessTokenExpire

      String

      Timestamp of access token’s expiration.

      Response Example:

      {    "data": {          "tokenType": "bearer",          "accessToken": "[THE_ACCESS_TOKEN]",          "accessTokenExpire": [TIMESTAMP]     }}

      Now you can use the APIs for external calls during the next hour.

      Base URI

      The base URI to the API is https://api.perimeter81.biz/api/rest.

      Media Type

      The media type for all requests is application/json for all requests.

      Basic Workflow

      The basic workflow consists of:

      1. Add users (members) using POST /v1/users.
      2. Create groups using POST /v1/groups.
      3. Add members to groups using POST /v1/groups/{groupId}/member/{userId}.
      4. Add licenses for members and gateways using POST /v1/addons/members and POST /v1/addons/gateways.
      5. Check the health of the networks using GET /v1/networks/{id}.
      6. Use the GET and DELETE methods to manage the Users and Groups resources.

      Users

      The Users methods manage the Users resource. Users belong to Groups.

      POST /v1/users

      Create a new user.

      Parameters: None

      Request Body: CreateUserDto

      Request Example:

      curl -X ‘POST’ \  ‘https://api.perimeter81.biz/api/rest/v1/users’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \  -d ‘{            "idpType": "database",             "accessGroups": [ "string" ],             "email": "string",             "emailVerified": true,             "inviteMessage": "string",             "profileData": {                 "firstName": "string",                 "lastName": "string",                 "roleName": "string",                 "phone": "string",                 "icon": "string"         },         "origin": "string" }’

      Response:

      Status Code

      Message/Response Body

      Description

      201

      User

      Success. Resource is created.

      400


      Bad request.

      Response Example:

      {     "terminated": true,     "email": "string",     "emailVerified": true,     "initials": "string",     "roleName": "string",     "lastName": "string",     "firstName": "string",     "username": "string",     "id": "string" } 

      GET /v1/users

      Get a paginated list of users.

      Parameters:

      PropertyData TypeDescription
      pageIntegerPage to start from.
      limitIntegerNumber of records per page.
      qStringSearch string or URL encoded JSON.
      qTypeStringType of search. One of:
      • full [default]
      • partial
      qOperatorStringApplicable only if qType equals 'partial'. One of:
      • and
      • or [default]
      sortObjectMap of fields and sort order.
      {
          "field1": "asc",
          "field2": "desc"
      }
      Example: ?sort[field1]=asc&sort[field2]=desc

      Request Body: None

      Request Example:

      curl – X ‘GET’ \  ‘https://api.perimeter81.biz/api/rest/v1/users/?page=2&limit=25&q=Ace&qType=full’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status Code

      Message/Response Body

      Description

      200

      UserList

      Success. List of users is returned.

      Response Example:

      {      "data": [      {         "terminated": true,         "email": "string",         "emailVerified": true,         "initials": "string",         "roleName": "string",         "lastName": "string",         "firstName": "string",         "username": "string",         "id": "string"         }     ],     "page": 1,     "totalPage": 1,     "itemsTotal": 10 }

      DELETE /v1/users/{id}

      Delete a user.

      Parameters:

      Property

      Data Type

      Description

      id*

      String

      ID of user to delete.

      Request Body: None

      Request Example:

      curl – X ‘DELETE’ \  ‘https://api.perimeter81.biz/api/rest/v1/users/?id=47438’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status Code

      Message/Response Body

      Description

      200

      User

      Success. User deleted.

      404


      Not found.

      Response Example:

      {    "terminated": true,    "email": "string",     "emailVerified": true,     "initials": "string",     “rolename”: “string”,    "lastName": "string",        "firstName": "string",     "username": "string",    "id": "string" }

      Groups

      Groups contain applications, networks, VPN locations, and members (users) that have access to resources.

      POST /v1/groups

      Create an access group which holds applications, networks, VPN locations, and users.

      Parameters: None

      Request Body: CreateGroupDto

      Request Example:

      curl -x ‘POST’ \  ‘https://api.perimeter81.biz/api/rest/v1/groups/?groupId=43533&userId=981347’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \  -d ‘{  “name”; “string”,  “description: “string”}’

      Response:

      Status Code

      Message/Response Body

      Description

      201

      Group

      Success. Group created.

      Response Example:

      {     "name": "string",     "isDefault": true,     "applications": [         "string"     ],    "networks": [         "string"    ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],     "id": "string" }

      GET /v1/groups

      Get a paginated list of groups.

      Parameters:

      Property

      Data Type

      Description

      page

      Integer

      Page to start from.

      limit

      Integer

      Number of records per page.

      sort

      Object

      Map of fields and sort order. Example:
      ?sort[field1]=asc&sort[field2]=desc.

      Request Body: None

      Request Example:

      curl – X ‘GET’ \  ‘https://api.perimeter81.biz/api/rest/v1/groups/?page=2&limit=25&sort[field]=asc’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status Code

      Message/Response Body

      Description

      200

      GroupList

      Success. List returned.

      Response Example:

      {     "data": [         {             "name": "string",             "isDefault": true,             "applications": [                "string"             ],             "networks": [                "string"             ],             "vpnLocations": [                "string"             ],             "users": [                "string"             ],             "id": "string"         }     ],     "page": 1,     "totalPage": 1,     "itemsTotal": 10 }

      DELETE /v1/groups/{id}

      Delete a group by ID.

      Parameters:

      PropertyData TypeDescription
      id*StringID of group to delete.

      Request Body: None

      Request Example:

      curl – X ‘DELETE’ \  ‘https://api.perimeter81.biz/api/rest/v1/groups/?id=4732276’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status CodeMessage/Response BodyDescription
      200GroupSuccess. Group deleted.

      Response Example:

      {     "name": "string",     "isDefault": true,     "applications": [         "string"     ],     "networks": [         "string"     ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],    "id": "string" }

      POST /v1/groups/{groupId}/member/{userId}

      Add a member to a group.

      Parameters:

      PropertyData TypeDescription
      groupId*StringID of group.
      userId*StringID of user.

      Request Body: None

      Request Example:

      curl – X ‘POST’ \  ‘https://api.perimeter81.biz/api/rest/v1/groups/?groupId=43533/member/?userId=981347’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status CodeMessage/Response BodyDescription
      201GroupSuccess. Group member added.

      Response Example:

      {     "name": "string",     "isDefault": true,     "applications": [         "string"     ],     "networks": [         "string"     ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],    "id": "string" }

      DELETE /v1/groups/{groupId}/member/{userId}

      Delete a member from a group.

      Parameters:

      PropertyData TypeDescription
      groupid*StringID of group that member belongs to.
      userid*StringID of member to delete from the group.

      Request Body: None

      Request Example:

      curl – X ‘DELETE’ \  ‘https://api.perimeter81.biz/api/rest/v1/groups/?groupId=G732276/member/?userId=4743568’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status CodeMessage/Response BodyDescription
      200GroupSuccess. Member removed from group.

      Response Example:

      {     "name": "string",     "isDefault": true,     "applications": [         "string"     ],     "networks": [         "string"     ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],    "id": "string" }

      Addons

      Each addon is a purchased license for a member (users) or a gateway.

      GET /v1/addons

      Get a list of addons.

      Parameters: None

      Request Body: None

      Request Example:

      curl – X ‘GET’ \  ‘https://api.perimeter81.biz/api/rest/v1/addons’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status CodeMessage/Response BodyDescription
      200AddonsStatisticsListSuccess. List of addons returned.

      Response Example:

      {     "data": [        {            "remaining": 0,            "expired": 0,            "total": 0,            "additionalType": "string",            "used": 0        }    ] }

      POST /v1/addons/members

      Add the number of purchased licenses for members.

      Parameters: None

      Request Body: BuyAddonsDto

      Request Example:

      curl – X ‘POST’ \  ‘https://api.perimeter81.biz/api/rest/v1/addons/members’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \  -d ‘{  “amount”: 1}’

      Response:

      Status CodeMessage/Response BodyDescription
      200SubscriptionSuccess. Subscription object with a list of addons returned.

      Response Example:

      {     "addons": [       {             "amount": 0,             "quantity": 0,             "additionalType": "string",             "currencyCode": "string",             "pricingModel": "string",             "periodUnit": "string",             "status": "string",             "price": 0,             "id": "string"         }     ],     "currencyCode": "string",     "deleted": true,     "status": "string",     "billingPeriodUnit": "string",     "id": "string"}

      POST /v1/addons/gateways

      Add the number of purchased gateway licenses.

      Parameters: None

      Request Body: BuyAddonsDto

      Request Example:

      curl – X ‘POST’ \  ‘https://api.perimeter81.biz/api/rest/v1/addons/gateways’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \  -d ‘{  “amount”: 1}’

      Response:

      Status CodeMessage/Response BodyDescription
      200SubscriptionSuccess. Subscription object with a list of addons returned.

      Response Example:

      {     "addons": [       {             "amount": 0,             "quantity": 0,             "additionalType": "string",             "currencyCode": "string",             "pricingModel": "string",             "periodUnit": "string",             "status": "string",             "price": 0,             "id": "string"         }     ],     "currencyCode": "string",     "deleted": true,     "status": "string",     "billingPeriodUnit": "string",     "id": "string"}

      Networks

      View network resources.

      GET /v1/networks

      Get list of networks.

      Parameters: None

      Request Body: None

      Request Example:

      curl – X ‘GET’ \  ‘https://api.perimeter81.biz/api/rest/v1/networks’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status CodeMessage/Response BodyDescription
      200NetworkListSuccess. List of networks returned.

      Response Example:

      {     "data": [         {              "geoPoint": {                  "__type": "string",                 "latitude": 0,                 "longitude": 0 },                 "name": "string",                 "isDefault": true,                 "regions": [                     {                         "geoPoint": {                            "__type": "string",                            "latitude": 0,                            "longitude": 0                         },                        "name": "string",                        "instances": [                          {                              "tunnels": "string",                              "id": "string"                          }                       ],                       "provider": {                           "region": "string",                           "continentCode": "string",                           "countryCode": "string"                       },                       "id": "string"                   }              ],               "id": "string"          }     ] }

      GET /v1/networks/{id}

      Get the health status of a network.

      Parameters:

      PropertyData TypeDescription
      id*StringID of network.

      Request Body: None

      Request Example:

      curl – X ‘GET’ \  ‘https://api.perimeter81.biz/api/rest/v1/networks/?id=4732276437’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

      Response:

      Status CodeMessage/Response BodyDescription
      200NetworkHealthHealth of network.

      Response Example:

      {     "health": [         {             "type": "string",             "meta": {                 "networkId": "string",                 "instanceId": "string"             },            "status": true        }     ] }

      Schemas

      Addon

      Information for a single addon. Found in Subscription.

      PropertyData TypeDescription
      amount*NumberNumber of new addons to purchase.
      quantity*NumberTotal number of addons.
      additionalTypeStringInternal name of addon.
      currencyCodeString ISO currency code. Currently, only 'USD'.
      pricingModel
      String
      Addon pricing model. One of:
      • volume
      • per_unit
      • flat_fee
      periodUnit*StringPayment period. One of:
      • month
      • year
      statusStringAddon status. Value 'active'.
      price*NumberPrice of addon.
      id*StringID of addon.

      AddonStatistics

      Statistics for a single addon. Found in AddonsStatisticsList.

      PropertyData TypeDescription
      remaining*NumberNumber of addons remaining.
      expired*NumberNumber of addons that expired.
      total*NumberTotal number of addons.
      additionalType*StringInternal name of addon.
      used*NumberNumber of addons used.

      AddonsStatisticsList

      List of statistics for all addons. Response to GET /v1/addons.

      PropertyData TypeDescription
      data*Array of AddonStatisticsList of addon statistics.

      BuyAddonsDto

      DTO for purchasing addons. Request body in POST /v1/addons/members and POST /v1/addons/gateways.

      PropertyData TypeDescription
      amount*IntegerNumber of addons to purchase. Minimum 1.

      CreateGroupDto

      DTO for creating a group. Request body in POST /v1/groups.

      Property

      Data Type

      Description

      name

      String

      Name of group.

      description

      String

      Description of group.

      CreateUserDto

      DTO for creating a user. Request body in POST /v1/users.

      Property

      Data Type

      Description

      idpType

      String

      Type of identity provider. One of:

      • database
      • saml
      • gsuite
      • okta
      • azureAD
      • adLdap

      See idpType.

      accessGroups

      Array of String

      List of access Groups to which user belongs.

      email*

      String ($UTF8)

      User’s email address.

      emailVerified

      Boolean

      Whether email is verified (true).

      inviteMessage*

      String

      Invitation message.

      profileData

      ProfileSchema

      Profile information.

      origin

      String ($UTF8)

      Source. Minimum length of 1.

      Group

      Data for a single group. Response to POST /v1/groups, DELETE /v1/groups/{id}, POST /v1/groups/{groupId}/member/{userId}, and DELETE /v1/groups/{groupId}/member/{userId}. Found in GroupList.

      PropertyData TypeDescription
      name*StringName of group.
      isDefault*BooleanWhether group is the default (true).
      applications*Array of StringList of group applications.
      networks*Array of StringList of group networks.
      vpnLocations*Array of StringList of group VPN locations.
      users*Array of StringList of group members.
      id*StringGroup ID.

      GroupList

      List of Group. Response to GET /v1/groups.

      PropertyData TypeDescription
      data*Array of GroupList of groups.
      page*NumberPage number.
      totalPage*NumberNumber of pages in list.
      itemsTotal*NumberNumber of items in list.

      Network

      Network information. Found in NetworkList.

      PropertyData TypeDescription
      geoPoint*NetworkGeoPointNetwork geographical point information.
      name*StringName of network.
      isDefault*BooleanWhether network is the default (true).
      regions*Array of NetworkRegionList of network regions.
      id*StringID of network.

      NetworkGeoPoint

      Geographical point information. Found in Network and NetworkRegion.

      PropertyData TypeDescription
      __type*StringGeo point type. Private.
      latitude*NumberGeo point latitude.
      longitude*NumberGeo point longitude.

      NetworkHealth

      Health status of network health. Response to GET /v1/networks/{id}.

      PropertyData TypeDescription
      health*Array of NetworkStatusList of network statuses.

      NetworkInstance

      A network instance. Found in NetworkRegion.

      PropertyData TypeDescription
      tunnels*StringTunnels.
      id*StringID of instance.

      NetworkList

      List of networks. Response to GET /v1/networks.

      PropeertyData TypeDescription
      data*Array of NetworkList of networks.

      NetworkMeta

      Metadata for a network. Found in NetworkStatus.

      PropertyData TypeDescription
      networkId*StringID of network.
      instanceId*StringID of instance.

      NetworkProvider

      Provider of the network. Found in NetworkRegion.

      PropertyData TypeDescription
      region*StringProvider region.
      continentCode*StringProvider continent code.
      countryCode*StringProvider country code.

      NetworkRegion

      Network region. Found in Network.

      PropertyData TypeDescription
      geoPoint*NetworkGeoPointNetwork's geographical points.
      name*StringName of region.
      instances*Array of NetworkInstanceList of network instances.
      provider*NetworkProviderNetwork provider.
      id*StringID of region.

      NetworkStatus

      Status of an individual network. Found in NetworkHealth.

      PropertyData TypeDescription
      type*StringNetwork type. Currently, only 'gateway'.
      meta*NetworkMetaMetadata for a network.
      status*BooleanWhether network is active (true).

      PaginatedList

      Object for a paginated list.

      PropertyData TypeDescription
      page*NumberPage number.
      totalPage*NumberNumber of pages in list.
      itemsTotal*NumberNumber of items in list.

      PaginationQueryDto

      DTO for query about pagination options.

      PropertyData TypeDescription
      pageIntegerPage to start from. Minimum 1.
      limitIntegerNumber of records per page. Maximum 100.

      ProfileSchema

      Profile information. Found in CreateUserDto.

      PropertyData TypeDescription
      firstNameStringFirst name of user.
      lastNameStringLast name of user.
      roleNameStringName of user's role.
      phoneStringTelephone.
      iconStringUser's icon, if any.

      SearchQueryDto

      DTO for query of search options.

      PropertyData TypeDescription
      qStringSearch string or URL encoded JSON.
      qTypeStringType of search. One of:
      • full [default]
      • partial
      qOperatorStringApplicable only if qType equals 'partial'. One of:
      • and
      • or [default]

      SortQueryDto

      DTO for query of sort options.

      PropertyData TypeDescription
      sortStringMap of fields and sort order. Example:
       ?sort=[field1]=asc&sort[field2]=desc

      Subscription

      List of subscription addons. Response to POST /v1/addons/members and POST /v1/addons/gateways.

      PropertyData TypeDescription
      addons*Array of AddonList of subscription addons.
      currencyCode*StringISO currency code. Currently, only 'USD'.
      deleted*BooleanWhether subscription is deleted (true).
      status*StringStatus of subscription. One of:
      • non_renewing
      • active
      billingPeriodUnit*StringUnit of billing period. Currently, only '1'.
      id*StringID of subscription.

      User

      A user, also known as a member. Response to POST /v1/users and DELETE /v1/users/{id}. Found in UserList.

      PropertyData TypeDescription
      terminated*BooleanWhether user is deleted (true).
      email*String ($UTF8)User email.
      emailVerified*BooleanWhether email is verified (true).
      initials*StringUser initials.
      roleName*StringUser role.
      lastName*StringUser last name.
      firstname*StringUser first name.
      id*StringID of user.

      UserList

      List of users. Response to GET /v1/users.

      PropertyData TypeDescription
      data*Array of UserList of users.
      page*NumberNumber of page.
      totalPage*NumberNumber of pages in list.
      itemsTotal*NumberNumber of items in list.

      UserProfileDto

      DTO for user profile. Found in CreateUserDto.

      PropertyData TypeDescription
      firstNameStringPattern: ^[a-z ‘-]+$
      maxLength: 30
      lastNameStringPattern: ^[a-z ‘-]+$
      maxLength: 30
      roleNameStringName of role.
      phone StringPattern: ^[+] {0,1} [0-9] {11,15} $
      maxLength: 30
      iconStringUser icon.

      Enumerations

      idpType

      Type of the identity provider. Found in CreateUserDto.

      ValueDescription
      databaseDatabase-based authentication.
      samlSecurity Assertion Markup Language standard for authentication and authorization.
      gsuiteGoogle Workspace cloud tool.
      oktaOkta identity and access management.
      azureADMicrosoft Entra ID (formerly Azure Active Directory) authentication.
      adLdapPHP class that provides LDAP authentication and integration with Active Directory.

      qOperator

      Search operation only applicable if qType equals ‘partial’. Found in SearchQueryDto.

      ValueDescription
      andBoolean operator for all values required.
      orBoolean operator for at least one value is required [default].

      qType

      Type of search. Found in SearchQueryDto.

      ValueDescription
      fullFull search [default]
      partialPartial search. Partial search query can include qOperator.

      Was this article helpful?