API

  • Updated on Aug 1, 2023
  • Published on Jun 14, 2020
  • 10 minute(s) read
  • Perimeter Support
  • SS
 Prev Next

About Harmony SASE

Harmony SASE provides secure access to local networks, applications and cloud infrastructures with one unified platform. By transforming the outdated, hardware-based security appliances into a cloud-based SaaS solution, we are simplifying network security for the modern and distributed workforce and helping organizations of all sizes and in many industries to secure their remote workers.

Classes

The main path classes are Users, Groups, Addons, and Networks.

  • Users, also known as members, belong to Groups.
  • Groups consist of applications, networks, locations, and users.
  • Addons consist of license and billing information for members and gateways and form the basis of a Subscription.
  • Networks hold information, such as geographic location, regions, health status, and details about instances and regional identity providers.

See Schemas below.

Getting Started

In order to access the Harmony SASE API, the user must belong to either the Premium Plus or Enterprise plan. If the user does not belong to one of the plans, in the Settings page, the message ‘Your current plan doesn’t include API Support’ will appear under API Support.

Authentication and Authorization

Note
You may use the Swagger Editor (https://editor.swagger.io) as the gateway for the actual API environment and send different API requests to the platform.

Harmony SASE uses two-step secure tokens for authentication. The first token, known as the API key, is used to generate the second token, a time-based access token.

Following are instructions for generating the tokens.

  1. In the web client API Support page, select Generate New Token.
  2. In the Generate New Token dialog box, enter the name of the token in the Name box.
  3. In the Expiration Date list, select an expiration date or the default ‘Never’.
  4. In the Define token section, select the needed permissions, such as ‘View list of users’, ‘Add a new member’, and ‘Delete’, in the list.
  5. Select Generate to create the first token.
  6. At the top of the API Support page, the ‘Token was generated successfully. Copied to clipboard’ message will appear. In the Active Tokens list, you can see the new token.
  7. Generate the access token with a call to the POST /v1/auth/authorize endpoint, described below.
  8. In the Swagger UI, select Authorize.
  9. In the Authorize prompt, paste the access token generated by the API call.

The time-based access token is generated. Now you can use any of the APIs in the Swagger environment within the time limit of the access token.

Following is the Authorize call:

POST /v1/auth/authorize

Each access token expires at the end of 1 hour.

Parameters: None

Request Body:

Property Data TypeDescription
grantTypeStringAuthorize request type: 'api_key'.
apiKeyStringAPI key from Generate New Token in the web client.

Request Example:


curl -X 'POST'   'https://api.perimeter81.com/api/v1/auth/authorize'  -H 'accept: application/json'  -H 'Content-Type: application/json' -d '{      "grantType": "api_key",      "apiKey": "[KEY-FROM-GENERATE]"}'

Response:

Status Code

Message/JSON Response Body

Description

200

See Response Body table below.

Success. Access token and expiration time returned.

Response Body:

PropertyData TypeDescription

data

Object

Return object with access token and its expiration timestamp.

token

String

Type of token. Value is ‘bearer’.

accessToken

String

Access token. Expires according to accessTokenExpire.

accessTokenExpire

String

Timestamp of access token’s expiration.

Response Example:


{    "data": {          "tokenType": "bearer",          "accessToken": "[THE_ACCESS_TOKEN]",          "accessTokenExpire": [TIMESTAMP]     }}

Now you can use the APIs for external calls during the next hour.

Base URI

The base URI to the API is https://api.perimeter81.com/api/rest.

Media Type

The media type for all requests is application/json for all requests.

Basic Workflow

The basic workflow consists of:

  1. Add users (members) using POST /v1/users.
  2. Create groups using POST /v1/groups.
  3. Add members to groups using POST /v1/groups/{groupId}/member/{userId}.
  4. Add licenses for members and gateways using POST /v1/addons/members and POST /v1/addons/gateways.
  5. Check the health of the networks using GET /v1/networks/{id}.
  6. Use the GET and DELETE methods to manage the Users and Groups resources.

Users

The Users methods manage the Users resource. Users belong to Groups.

POST /v1/users

Create a new user.

Parameters: None

Request Body: CreateUserDto

Request Example:


curl -X 'POST'  'https://api.perimeter81.com/api/rest/v1/users'  -H 'accept: application/json' -H 'Content-Type: application/json' -d '{            "idpType": "database",             "accessGroups": [ "string" ],             "email": "string",             "emailVerified": true,             "inviteMessage": "string",             "profileData": {                 "firstName": "string",                 "lastName": "string",                 "roleName": "string",                 "phone": "string",                 "icon": "string"         },         "origin": "string" }'

Response:

Status Code

Message/Response Body

Description

201

User

Success. Resource is created.

400


Bad request.

Response Example:

{     "terminated": true,     "email": "string",     "emailVerified": true,     "initials": "string",     "roleName": "string",     "lastName": "string",     "firstName": "string",     "username": "string",     "id": "string" }

GET /v1/users

Get a paginated list of users.

Parameters:

PropertyData TypeDescription
pageIntegerPage to start from.
limitIntegerThe number of records per page.
qStringSearch string or URL encoded JSON.
qTypeStringType of search. One of:
  • full [default]
  • partial
qOperatorStringApplicable only if qType is set to 'partial'. One of:
  • and
  • or [default]
sortObjectMap of fields and sort order.
{
    "field1": "asc",
    "field2": "desc"
}
Example: ?sort[field1]=asc&sort[field2]=desc

Request Body: None

Request Example:

curl -X GET -H 'Authorization: Bearer <ACCESS_TOKEN>' / 
-H 'Content-Type: application/json' 'https://api.perimeter81.com/api/rest/v1/users?page=1&qType=partial'

Response:

Status Code

Message/Response Body

Description

200

UserList

Success. List of users is returned.

Response Example:

{      "data": [      {         "terminated": true,         "email": "string",         "emailVerified": true,         "initials": "string",         "roleName": "string",         "lastName": "string",         "firstName": "string",         "username": "string",         "id": "string"         }     ],     "page": 1,     "totalPage": 1,     "itemsTotal": 10 }

DELETE /v1/users/{id}

Delete a user.

Parameters:

Property

Data Type

Description

id*

String

ID of user to delete.

Request Body: None

Request Example:


curl – X 'DELETE'  'https://api.perimeter81.com/api/rest/v1/users/?id=47438'  -H 'accept: application/json'  -H 'Content-Type: application/json'

Response:

Status Code

Message/Response Body

Description

200

User

Success. User deleted.

404


Not found.

Response Example:

{    "terminated": true,    "email": "string",     "emailVerified": true,     "initials": "string",     “rolename”: “string”,    "lastName": "string",        "firstName": "string",     "username": "string",    "id": "string" }

Groups

Groups contain applications, networks, VPN locations, and members (users) that have access to resources.

POST /v1/groups

Create an access group which holds applications, networks, VPN locations, and users.

Parameters: None

Request Body: CreateGroupDto

Request Example:


curl -x 'POST'  'https://api.perimeter81.com/api/rest/v1/groups/?groupId=43533&userId=981347'  -H 'accept: application/json'  -H 'Content-Type: application/json'  -d '{  “name”; “string”,  “description: “string”}'

Response:

Status Code

Message/Response Body

Description

201

Group

Success. Group created.

Response Example:

{     "name": "string",     "isDefault": true,     "applications": [         "string"     ],    "networks": [         "string"    ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],     "id": "string" }

GET /v1/groups

Get a paginated list of groups.

Parameters:

Property

Data Type

Description

page

Integer

Page to start from.

limit

Integer

Number of records per page.

sort

Object

Map of fields and sort order. Example:
?sort[field1]=asc&sort[field2]=desc.

Request Body: None

Request Example:


curl – X ‘GET’ \  ‘https://api.perimeter81.com/api/rest/v1/groups/?page=2&limit=25&sort[field]=asc’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

Response:

Status Code

Message/Response Body

Description

200

GroupList

Success. List returned.

Response Example:

{     "data": [         {             "name": "string",             "isDefault": true,             "applications": [                "string"             ],             "networks": [                "string"             ],             "vpnLocations": [                "string"             ],             "users": [                "string"             ],             "id": "string"         }     ],     "page": 1,     "totalPage": 1,     "itemsTotal": 10 }

DELETE /v1/groups/{id}

Delete a group by ID.

Parameters:

PropertyData TypeDescription
id*StringID of group to delete.

Request Body: None

Request Example:


curl – X 'DELETE'  'https://api.perimeter81.com/api/rest/v1/groups/?id=4732276'  -H 'accept: application/json'  -H 'Content-Type: application/json'

Response:

Status CodeMessage/Response BodyDescription
200GroupSuccess. Group deleted.

Response Example:

{     "name": "string",     "isDefault": true,     "applications": [         "string"     ],     "networks": [         "string"     ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],    "id": "string" }

POST /v1/groups/{groupId}/member/{userId}

Add a member to a group.

Parameters:

PropertyData TypeDescription
groupId*StringID of group.
userId*StringID of user.

Request Body: None

Request Example:


curl – X 'POST'  'https://api.perimeter81.com/api/rest/v1/groups/?groupId=43533/member/?userId=981347'  -H 'accept: application/json'  -H 'Content-Type: application/json'

Response:

Status CodeMessage/Response BodyDescription
201GroupSuccess. Group member added.

Response Example:

{     "name": "string",     "isDefault": true,     "applications": [         "string"     ],     "networks": [         "string"     ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],    "id": "string" }

DELETE /v1/groups/{groupId}/member/{userId}

Delete a member from a group.

Parameters:

PropertyData TypeDescription
groupid*StringID of group that member belongs to.
userid*StringID of member to delete from the group.

Request Body: None

Request Example:


curl – X 'DELETE'  'https://api.perimeter81.com/api/rest/v1/groups/?groupId=G732276/member/?userId=4743568'  -H 'accept: application/json'  -H 'Content-Type: application/json'

Response:

Status CodeMessage/Response BodyDescription
200GroupSuccess. Member removed from group.

Response Example:

{     "name": "string",     "isDefault": true,     "applications": [         "string"     ],     "networks": [         "string"     ],     "vpnLocations": [         "string"     ],     "users": [         "string"     ],    "id": "string" }

Addons

Each addon is a purchased license for a member (users) or a gateway.

GET /v1/addons

Get a list of addons.

Parameters: None

Request Body: None

Request Example:


curl – X 'GET'   'https://api.perimeter81.com/api/rest/v1/addons' -H 'accept: application/json'  -H 'Content-Type: application/json'

Response:

Status CodeMessage/Response BodyDescription
200AddonsStatisticsListSuccess. List of addons returned.

Response Example:

{     "data": [        {            "remaining": 0,            "expired": 0,            "total": 0,            "additionalType": "string",            "used": 0        }    ] }

POST /v1/addons/members

Add the number of purchased licenses for members.

Parameters: None

Request Body: BuyAddonsDto

Request Example:


curl – X 'POST'  'https://api.perimeter81.com/api/rest/v1/addons/members'   -H 'accept: application/json'   -H 'Content-Type: application/json'   -d '{  “amount”: 1}'

Response:

Status CodeMessage/Response BodyDescription
200SubscriptionSuccess. Subscription object with a list of addons returned.

Response Example:

{     "addons": [       {             "amount": 0,             "quantity": 0,             "additionalType": "string",             "currencyCode": "string",             "pricingModel": "string",             "periodUnit": "string",             "status": "string",             "price": 0,             "id": "string"         }     ],     "currencyCode": "string",     "deleted": true,     "status": "string",     "billingPeriodUnit": "string",     "id": "string"}

POST /v1/addons/gateways

Add the number of purchased gateway licenses.

Parameters: None

Request Body: BuyAddonsDto

Request Example:


curl – X 'POST'   'https://api.perimeter81.com/api/rest/v1/addons/gateways'  -H 'accept: application/json'   -H 'Content-Type: application/json'   -d '{  “amount”: 1}'

Response:

Status CodeMessage/Response BodyDescription
200SubscriptionSuccess. Subscription object with a list of addons returned.

Response Example:

{     "addons": [       {             "amount": 0,             "quantity": 0,             "additionalType": "string",             "currencyCode": "string",             "pricingModel": "string",             "periodUnit": "string",             "status": "string",             "price": 0,             "id": "string"         }     ],     "currencyCode": "string",     "deleted": true,     "status": "string",     "billingPeriodUnit": "string",     "id": "string"}

Networks

View network resources.

GET /v1/networks

Get list of networks.

Parameters: None

Request Body: None

Request Example:


curl – X ‘GET’ \  ‘https://api.perimeter81.com/api/rest/v1/networks’ \  -H ‘accept: application/json’ \  -H ‘Content-Type: application/json’ \

Response:

Status CodeMessage/Response BodyDescription
200NetworkListSuccess. List of networks returned.

Response Example:

{     "data": [         {              "geoPoint": {                  "__type": "string",                 "latitude": 0,                 "longitude": 0 },                 "name": "string",                 "isDefault": true,                 "regions": [                     {                         "geoPoint": {                            "__type": "string",                            "latitude": 0,                            "longitude": 0                         },                        "name": "string",                        "instances": [                          {                              "tunnels": "string",                              "id": "string"                          }                       ],                       "provider": {                           "region": "string",                           "continentCode": "string",                           "countryCode": "string"                       },                       "id": "string"                   }              ],               "id": "string"          }     ] }

GET /v1/networks/{id}

Get the health status of a network.

Parameters:

PropertyData TypeDescription
id*StringID of network.

Request Body: None

Request Example:


curl – X 'GET'  'https://api.perimeter81.com/api/rest/v1/networks/?id=4732276437'  -H 'accept: application/json'  -H 'Content-Type: application/json'

Response:

Status CodeMessage/Response BodyDescription
200NetworkHealthHealth of network.

Response Example:

{     "health": [         {             "type": "string",             "meta": {                 "networkId": "string",                 "instanceId": "string"             },            "status": true        }     ] }

Schemas

Addon

Information for a single addon. Found in Subscription.

PropertyData TypeDescription
amount*NumberNumber of new addons to purchase.
quantity*NumberTotal number of addons.
additionalTypeStringInternal name of addon.
currencyCodeString ISO currency code. Currently, only 'USD'.
pricingModel
String
Addon pricing model. One of:
  • volume
  • per_unit
  • flat_fee
periodUnit*StringPayment period. One of:
  • month
  • year
statusStringAddon status. Value 'active'.
price*NumberPrice of addon.
id*StringID of addon.

AddonStatistics

Statistics for a single addon. Found in AddonsStatisticsList.

PropertyData TypeDescription
remaining*NumberNumber of addons remaining.
expired*NumberNumber of addons that expired.
total*NumberTotal number of addons.
additionalType*StringInternal name of addon.
used*NumberNumber of addons used.

AddonsStatisticsList

List of statistics for all addons. Response to GET /v1/addons.

PropertyData TypeDescription
data*Array of AddonStatisticsList of addon statistics.

BuyAddonsDto

DTO for purchasing addons. Request body in POST /v1/addons/members and POST /v1/addons/gateways.

PropertyData TypeDescription
amount*IntegerNumber of addons to purchase. Minimum 1.

CreateGroupDto

DTO for creating a group. Request body in POST /v1/groups.

Property

Data Type

Description

name

String

Name of group.

description

String

Description of group.

CreateUserDto

DTO for creating a user. Request body in POST /v1/users.

Property

Data Type

Description

idpType

String

Type of identity provider. One of:

  • database
  • saml
  • gsuite
  • okta
  • azureAD
  • adLdap

See idpType.

accessGroups

Array of String

List of access Groups to which user belongs.

email*

String ($UTF8)

User’s email address.

emailVerified

Boolean

Whether email is verified (true).

inviteMessage*

String

Invitation message.

profileData

ProfileSchema

Profile information.

origin

String ($UTF8)

Source. Minimum length of 1.

Group

Data for a single group. Response to POST /v1/groups, DELETE /v1/groups/{id}, POST /v1/groups/{groupId}/member/{userId}, and DELETE /v1/groups/{groupId}/member/{userId}. Found in GroupList.

PropertyData TypeDescription
name*StringName of group.
isDefault*BooleanWhether group is the default (true).
applications*Array of StringList of group applications.
networks*Array of StringList of group networks.
vpnLocations*Array of StringList of group VPN locations.
users*Array of StringList of group members.
id*StringGroup ID.

GroupList

List of Group. Response to GET /v1/groups.

PropertyData TypeDescription
data*Array of GroupList of groups.
page*NumberPage number.
totalPage*NumberNumber of pages in list.
itemsTotal*NumberNumber of items in list.

Network

Network information. Found in NetworkList.

PropertyData TypeDescription
geoPoint*NetworkGeoPointNetwork geographical point information.
name*StringName of network.
isDefault*BooleanWhether network is the default (true).
regions*Array of NetworkRegionList of network regions.
id*StringID of network.

NetworkGeoPoint

Geographical point information. Found in Network and NetworkRegion.

PropertyData TypeDescription
__type*StringGeo point type. Private.
latitude*NumberGeo point latitude.
longitude*NumberGeo point longitude.

NetworkHealth

Health status of network health. Response to GET /v1/networks/{id}.

PropertyData TypeDescription
health*Array of NetworkStatusList of network statuses.

NetworkInstance

A network instance. Found in NetworkRegion.

PropertyData TypeDescription
tunnels*StringTunnels.
id*StringID of instance.

NetworkList

List of networks. Response to GET /v1/networks.

PropeertyData TypeDescription
data*Array of NetworkList of networks.

NetworkMeta

Metadata for a network. Found in NetworkStatus.

PropertyData TypeDescription
networkId*StringID of network.
instanceId*StringID of instance.

NetworkProvider

Provider of the network. Found in NetworkRegion.

PropertyData TypeDescription
region*StringProvider region.
continentCode*StringProvider continent code.
countryCode*StringProvider country code.

NetworkRegion

Network region. Found in Network.

PropertyData TypeDescription
geoPoint*NetworkGeoPointNetwork's geographical points.
name*StringName of region.
instances*Array of NetworkInstanceList of network instances.
provider*NetworkProviderNetwork provider.
id*StringID of region.

NetworkStatus

Status of an individual network. Found in NetworkHealth.

PropertyData TypeDescription
type*StringNetwork type. Currently, only 'gateway'.
meta*NetworkMetaMetadata for a network.
status*BooleanWhether network is active (true).

PaginatedList

Object for a paginated list.

PropertyData TypeDescription
page*NumberPage number.
totalPage*NumberNumber of pages in list.
itemsTotal*NumberNumber of items in list.

PaginationQueryDto

DTO for query about pagination options.

PropertyData TypeDescription
pageIntegerPage to start from. Minimum 1.
limitIntegerNumber of records per page. Maximum 100.

ProfileSchema

Profile information. Found in CreateUserDto.

PropertyData TypeDescription
firstNameStringFirst name of user.
lastNameStringLast name of user.
roleNameStringName of user's role.
phoneStringTelephone.
iconStringUser's icon, if any.

SearchQueryDto

DTO for query of search options.

PropertyData TypeDescription
qStringSearch string or URL encoded JSON.
qTypeStringType of search. One of:
  • full [default]
  • partial
qOperatorStringApplicable only if qType equals 'partial'. One of:
  • and
  • or [default]

SortQueryDto

DTO for query of sort options.

PropertyData TypeDescription
sortStringMap of fields and sort order. Example:
 ?sort=[field1]=asc&sort[field2]=desc

Subscription

List of subscription addons. Response to POST /v1/addons/members and POST /v1/addons/gateways.

PropertyData TypeDescription
addons*Array of AddonList of subscription addons.
currencyCode*StringISO currency code. Currently, only 'USD'.
deleted*BooleanWhether subscription is deleted (true).
status*StringStatus of subscription. One of:
  • non_renewing
  • active
billingPeriodUnit*StringUnit of billing period. Currently, only '1'.
id*StringID of subscription.

User

A user, also known as a member. Response to POST /v1/users and DELETE /v1/users/{id}. Found in UserList.

PropertyData TypeDescription
terminated*BooleanWhether user is deleted (true).
email*String ($UTF8)User email.
emailVerified*BooleanWhether email is verified (true).
initials*StringUser initials.
roleName*StringUser role.
lastName*StringUser last name.
firstname*StringUser first name.
id*StringID of user.

UserList

List of users. Response to GET /v1/users.

PropertyData TypeDescription
data*Array of UserList of users.
page*NumberNumber of page.
totalPage*NumberNumber of pages in list.
itemsTotal*NumberNumber of items in list.

UserProfileDto

DTO for user profile. Found in CreateUserDto.

PropertyData TypeDescription
firstNameStringPattern: ^[a-z ‘-]+$
maxLength: 30
lastNameStringPattern: ^[a-z ‘-]+$
maxLength: 30
roleNameStringName of role.
phone StringPattern: ^[+] {0,1} [0-9] {11,15} $
maxLength: 30
iconStringUser icon.

Enumerations

idpType

Type of the identity provider. Found in CreateUserDto.

ValueDescription
databaseDatabase-based authentication.
samlSecurity Assertion Markup Language standard for authentication and authorization.
gsuiteGoogle Workspace cloud tool.
oktaOkta identity and access management.
azureADMicrosoft Azure Active Directory authentication.
adLdapPHP class that provides LDAP authentication and integration with Active Directory.

qOperator

Search operation only applicable if qType equals ‘partial’. Found in SearchQueryDto.

ValueDescription
andBoolean operator for all values required.
orBoolean operator for at least one value is required [default].

qType

Type of search. Found in SearchQueryDto.

ValueDescription
fullFull search [default]
partialPartial search. Partial search query can include qOperator.