Pomerium Zero API (0.1.0)

Download OpenAPI specification:Download

user

The user service enables you to manage users and user information within an organization or namespace.

This service also enables you to create API access user accounts and renew API refresh tokens.

deleteCurrentUser

Delete current user

Authorizations:

bearerAuth

Responses

updateCurrentUserInfo

Fetch and update currently logged in user information from the identity provider

Authorizations:

bearerAuth

Responses

Response samples

200
201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"displayName": "string",
"needsOnboarding": true,
"photoUrl": "string",
"type": "user_type_interactive",
"legalTerms": {"property1": {"title": "string",
"url": "string"
},
"property2": {"title": "string",
"url": "string"
}
}
}

completeOnboarding

Complete onboarding

Authorizations:

bearerAuth

Responses

listUsersInNamespace

List users in namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"displayName": "string",
"needsOnboarding": true,
"photoUrl": "string",
"type": "user_type_interactive",
"namespaceRole": "admin"
}
]

removeUserFromNamespace

Remove user from namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace
userId required	string ID of user

Responses

addUserToNamespace

Add user to namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace
userId required	string ID of user

Request Body schema: application/json
required

namespaceRole

required

string (NamespaceRole)

Enum: "admin" "manager" "viewer"

Responses

Request samples

Payload

Content type

application/json

{"namespaceRole": "admin"
}

Response samples

200

Content type

application/json

{ }

listUsersInOrganization

List users

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

userType

string (UserType)

Enum: "user_type_interactive" "user_type_api_access"

Type of user

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"displayName": "string",
"needsOnboarding": true,
"photoUrl": "string",
"type": "user_type_interactive",
"organizationRole": "owner"
}
]

createApiAccessUser

Create API access user account

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

name required	string Freetext user name
role	string (OrganizationRole) Enum: "owner" "admin" "auditor" "member" A high level role that describes the level of access a user has to an organization. Owner: Global namespace admin. Admin: Global namespace admin. Auditor: Global namespace viewer. Member: any user who was granted access to the organization

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"role": "owner"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"displayName": "string",
"needsOnboarding": true,
"photoUrl": "string",
"type": "user_type_interactive",
"refreshToken": "string"
}

removeUserFromOrganization

Remove user from organization

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
userId required	string ID of user

Responses

RenewApiUserRefreshToken

Renews API user refresh token. The userId must be an API user. Obtaining a new refresh token invalidates any previously issued refresh tokens.

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
userId required	string ID of user

Responses

Response samples

200

Content type

application/json

{"refreshToken": "string"
}

invitation

The invitation service is where you can view and respond to pending invitations to join a professional type organization.

listUserInvitations

List invitations

Authorizations:

bearerAuth

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"invitedBy": {"email": "user@example.com",
"displayName": "string",
"photoUrl": "string"
},
"organization": {"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"logoURL": "string",
"organizationType": "personal",
"ownerUserId": "string",
"role": "owner",
"joinedAt": "2019-08-24T14:15:22Z"
},
"organizationRole": "owner"
}
]

acceptInvitation

Accept invitation

Authorizations:

bearerAuth

path Parameters

invitationId

required

string

ID of invitation

Responses

rejectInvitation

Reject an invitation

Authorizations:

bearerAuth

path Parameters

invitationId

required

string

ID of invitation

Responses

invite

The invite service is where you can manage invitations sent to users to join your organization.

listOrganizationInvites

List invites

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"role": "owner"
}
]

createOrganizationInvite

Create invite

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

emails required	Array of strings <email> [ items <email > ]
role required	string (OrganizationRole) Enum: "owner" "admin" "auditor" "member" A high level role that describes the level of access a user has to an organization. Owner: Global namespace admin. Admin: Global namespace admin. Auditor: Global namespace viewer. Member: any user who was granted access to the organization

Responses

Request samples

Payload

Content type

application/json

{"emails": ["user@example.com"
],
"role": "owner"
}

Response samples

201

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"email": "user@example.com",
"role": "owner"
}
]

deleteOrganizationInvite

Delete invite

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
invitationId required	string ID of invitation

Responses

policy

The policy service is where you can manage policies within a namespace in your organization.

You can build a policy by configuring a Pomerium Policy Language (PPL) rule and apply it to a route.

See the PPL documentation to learn more.

listPolicies

List policies

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

namespaceId required	string ID of namespace
includeDescendants	boolean include resources from descendant namespaces

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}
]

createPolicy

Create policy

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

namespaceId required	string
name required	string
enforced required	boolean
required	PPLRule (object) or Array of PPLRule (objects)
description required	string
explanation required	string
remediation required	string

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

deletePolicy

Delete policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Responses

getPolicy

Get policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

updatePolicy

Update policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Request Body schema: application/json
required

namespaceId required	string
name required	string
enforced required	boolean
required	PPLRule (object) or Array of PPLRule (objects)
description required	string
explanation required	string
remediation required	string

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

updateRoute

Update route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Request Body schema: application/json
required

namespaceId required	string
name required	string (entityName) [ 1 .. 128 ] characters
from required	string <url>
to	Array of strings <url> [ items <url > ]
	object (RouteDirectResponse)
prefix	string
path	string
regex	string
prefixRewrite	string
regexRewritePattern	string
regexRewriteSubstitution	string
hostRewrite	string
hostRewriteHeader	string
hostPathRegexRewritePattern	string
hostPathRegexRewriteSubstitution	string
regexPriorityOrder	integer <int64>
timeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
idleTimeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
allowWebsockets required	boolean
allowSpdy required	boolean
tlsSkipVerify required	boolean
tlsUpstreamServerName	string
tlsDownstreamServerName	string
tlsCustomCaKeyPairId	string
tlsClientKeyPairId	string
tlsDownstreamClientCaKeyPairId	string
tlsUpstreamAllowRenegotiation required	boolean
	object (StringMap)
	object (StringMap)
removeRequestHeaders	Array of strings
	Array of objects (RouteRewriteHeader)
preserveHostHeader required	boolean
passIdentityHeaders	boolean
kubernetesServiceAccountToken	string
	object (RouteRedirect)
enableGoogleCloudServerlessAuthentication required	boolean
showErrorDetails required	boolean
	RouteHttpHealthCheck (object) or RouteTcpHealthCheck (object) or RouteGrpcHealthCheck (object) (RouteHealthCheck)
loadBalancingPolicy	string (RouteLoadBalancingPolicy) Enum: "round_robin" "least_request" "ring_hash" "random" "maglev"
policyIds required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
]
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

activityLog

listActivityLogs

List activity logs

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

activityType	string (ActivityType) Enum: "create" "delete" "update" Type of activity
entityId	string ID of entity
entityType	string (EntityType) Enum: "changeset" "custom_domain" "domain" "key_pair" "namespace" "organization" "policy" "route" "settings" "service_account" Type of entity
changesetId	string id of changeset
namespaceId	string ID of namespace
userId	string ID of user
offset	integer offset of the resources
limit	integer limit number of resources returned

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"activityType": "create",
"applied": {"at": "2019-08-24T14:15:22Z",
"by": {"id": "string",
"email": "user@example.com",
"displayName": "string",
"photoUrl": "string"
},
"changesetId": "string"
},
"entity": {"type": "changeset",
"id": "string",
"data": { }
},
"namespace": {"id": "string",
"name": "string"
},
"user": {"id": "string",
"email": "user@example.com",
"displayName": "string",
"photoUrl": "string"
}
}
]

createServiceAccount

Create service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

expiresAt	string <date-time>
description required	string
userId required	string

Responses

Request samples

Payload

Content type

application/json

{"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string",
"token": "string"
}

deleteServiceAccount

Delete service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Responses

updateServiceAccount

Update service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Request Body schema: application/json
required

description

required

string

Responses

Request samples

Payload

Content type

application/json

{"description": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}

updateSettings

Update settings

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

logLevel required	string Sets the global logging level for Pomerium. Only logs of the desired level and above will be logged. Go to Log Level reference
proxyLogLevel	string Sets the logging level for the Pomerium Proxy service access logs. Only logs of the desired level and above will be logged. Go to Proxy Log Level reference
address required	string <hostport> Specifies the Host and Port to serve HTTP requests from. If empty, `:443` is used. Go to Address reference
dnsLookupFamily required	string (DNSLookupFamily) Enum: "V4_ONLY" "V6_ONLY" "V4_PREFERRED" "AUTO" "ALL" Sets the DNS IP address resolution policy. Go to DNS Lookup Family reference
httpRedirectAddr	string <hostport> Specifies the Host and Port to redirect HTTP to HTTPS traffic on. If unset, no redirect server is started. Go to HTTP Redirect Address reference
timeoutRead required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the amount of time for the entire request stream to be received from the client. Go to Global Timeouts reference
timeoutWrite required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the max stream duration is the maximum time that a stream’s lifetime will span. Go to Global Timeouts reference
timeoutIdle required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the idle timeout is the time at which a downstream or upstream connection will be terminated if there are no active streams. Go to Global Timeouts reference
cookieName required	string Sets the name of the session cookie sent to clients. Go to Cookie Settings reference
cookieSecret	string Sets the secret used to encrypt and sign session cookies. If you don't provide a cookie secret, Pomerium will generate one for you. Go to Cookie Settings reference
cookieDomain	string Sets the scope of session cookies issued by Pomerium. If you specify the domain explicitly, then subdomains would also be included. Go to Cookie Settings reference
cookieHttpOnly required	boolean If true, this setting forbids JavaScript from accessing the cookie. Go to Cookie Settings reference
cookieExpire required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the lifetime of session cookies. After this interval, users must reauthenticate. Go to Cookie Settings reference
cookieSameSite	string Sets the SameSite option for cookies, which determines whether or not a cookie is sent with cross-site requests. Go to Cookie Settings reference
certificateAuthorityKeyPairId	string ID of CA's public and private key pair.
	object (StringMap) Specifies a mapping of HTTP Headers added globally to all managed routes and Pomerium's Authenticate Service. Go to Set Response Headers reference
	object (StringMap) Pass specific user session data to upstream applications as unsigned HTTP request headers. Go to JWT Claim Headers reference
defaultUpstreamTimeout required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ The default timeout applied to a proxied route when no timeout key is specified by the policy. Go to Default Upstream Timeout reference
metricsAddress	string Exposes a Prometheus endpoint on the specified port. Go to Metrics Settings reference
tracingProvider	string The name of the tracing provider (for example, Jaeger or Zipkin). Go to Tracing reference
tracingSampleRate required	number Percentage of requests to sample in decimal notation. The default is 0.0001, or .01%. Go to Tracing reference
tracingDatadogAddress	string <hostport> The `host:port` address of the Datadog Trace Agent. Defaults to `localhost:8126`. Go to Tracing reference
tracingJaegerCollectorEndpoint	string The URL to the Jaeger HTTP Thrift collector. Go to Tracing reference
tracingJaegerAgentEndpoint	string <hostport> The address of the `jaeger-agent` where you send Spans to. Go to Tracing reference
tracingZipkinEndpoint	string The URL to the Zipkin HTTP endpoint. Go to Tracing reference
clientCa	string The X.509 public-key used to validate a client certificate. Go to Downstream mTLS Settings reference
clientCaFile	string Path to client CA's PEM certificate bundle. Go to Downstream mTLS Settings reference
clientCaKeyPairId	string ID of the client CA's public and private key pair.
googleCloudServerlessAuthenticationServiceAccount	string Specifies the Service Account credentials to support GCP's Authorization Header format. Go to Google Cloud Serverless Authn SA reference
skipXffAppend required	boolean If true, the incoming X-Forwarded-For HTTP header would not be modified. Go to X-Forwarded-For reference
databrokerStorageConnection	string The databroker storage connection string. Go to Databroker Settings reference
accessLogFields	Array of strings Controls which fields are included in the access logs. Go to Access Log Fields reference
authorizeLogFields	Array of strings Controls which fields are included in the authorize logs. Go to Authorize Log Fields reference
passIdentityHeaders required	boolean

Responses

Request samples

Payload

Content type

application/json

{"logLevel": "string",
"proxyLogLevel": "string",
"address": "string",
"dnsLookupFamily": "V4_ONLY",
"httpRedirectAddr": "string",
"timeoutRead": "string",
"timeoutWrite": "string",
"timeoutIdle": "string",
"cookieName": "string",
"cookieSecret": "string",
"cookieDomain": "string",
"cookieHttpOnly": true,
"cookieExpire": "string",
"cookieSameSite": "string",
"certificateAuthorityKeyPairId": "string",
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"jwtClaimsHeaders": {"property1": "string",
"property2": "string"
},
"defaultUpstreamTimeout": "string",
"metricsAddress": "string",
"tracingProvider": "string",
"tracingSampleRate": 0,
"tracingDatadogAddress": "string",
"tracingJaegerCollectorEndpoint": "string",
"tracingJaegerAgentEndpoint": "string",
"tracingZipkinEndpoint": "string",
"clientCa": "string",
"clientCaFile": "string",
"clientCaKeyPairId": "string",
"googleCloudServerlessAuthenticationServiceAccount": "string",
"skipXffAppend": true,
"databrokerStorageConnection": "string",
"accessLogFields": ["string"
],
"authorizeLogFields": ["string"
],
"passIdentityHeaders": true
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"logLevel": "string",
"proxyLogLevel": "string",
"address": "string",
"dnsLookupFamily": "V4_ONLY",
"httpRedirectAddr": "string",
"timeoutRead": "string",
"timeoutWrite": "string",
"timeoutIdle": "string",
"cookieName": "string",
"cookieSecret": "string",
"cookieDomain": "string",
"cookieHttpOnly": true,
"cookieExpire": "string",
"cookieSameSite": "string",
"certificateAuthorityKeyPairId": "string",
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"jwtClaimsHeaders": {"property1": "string",
"property2": "string"
},
"defaultUpstreamTimeout": "string",
"metricsAddress": "string",
"tracingProvider": "string",
"tracingSampleRate": 0,
"tracingDatadogAddress": "string",
"tracingJaegerCollectorEndpoint": "string",
"tracingJaegerAgentEndpoint": "string",
"tracingZipkinEndpoint": "string",
"clientCa": "string",
"clientCaFile": "string",
"clientCaKeyPairId": "string",
"googleCloudServerlessAuthenticationServiceAccount": "string",
"skipXffAppend": true,
"databrokerStorageConnection": "string",
"accessLogFields": ["string"
],
"authorizeLogFields": ["string"
],
"passIdentityHeaders": true
}

listCustomDomains

List custom domains

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

clusterId

required

string

ID of cluster

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"clusterId": "string",
"domainName": "string",
"lastError": "string",
"keyPairId": "string",
"expiresAt": "2019-08-24T14:15:22Z"
}
]

addCustomDomain

Add custom domain

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

clusterId required	string
domainName required	string

Responses

Request samples

Payload

Content type

application/json

{"clusterId": "string",
"domainName": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"clusterId": "string",
"domainName": "string",
"lastError": "string",
"keyPairId": "string",
"expiresAt": "2019-08-24T14:15:22Z"
}

deleteCustomDomain

Delete custom domain

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
customDomainId required	string ID of custom domain

Responses

createKeyPair

Create keyPair

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

key	string
namespaceId required	string
certificate	string
name	string

Responses

Request samples

Payload

Content type

application/json

{"key": "string",
"namespaceId": "string",
"certificate": "string",
"name": "string"
}

Response samples

201

Content type

application/json

{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}

deleteKeyPair

Delete keyPair

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
keyPairId required	string ID of namespace

Responses

updateKeyPair

Update keyPair. If the certificate and/or key is not set the existing certificate and/or key will be preserved.

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
keyPairId required	string ID of namespace

Request Body schema: application/json
required

key	string
namespaceId required	string
certificate	string
name	string

Responses

Request samples

Payload

Content type

application/json

{"key": "string",
"namespaceId": "string",
"certificate": "string",
"name": "string"
}

Response samples

200

Content type

application/json

{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}

createNamespace

Create namespace

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

parentId	string
name required	string

Responses

Request samples

Payload

Content type

application/json

{"parentId": "string",
"name": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}

deleteNamespace

Delete namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Responses

updateNamespace

Update namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Request Body schema: application/json
required

parentId	string
name required	string

Responses

Request samples

Payload

Content type

application/json

{"parentId": "string",
"name": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}

createPolicy

Create policy

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

namespaceId required	string
name required	string
enforced required	boolean
required	PPLRule (object) or Array of PPLRule (objects)
description required	string
explanation required	string
remediation required	string

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

deletePolicy

Delete policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Responses

updatePolicy

Update policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Request Body schema: application/json
required

namespaceId required	string
name required	string
enforced required	boolean
required	PPLRule (object) or Array of PPLRule (objects)
description required	string
explanation required	string
remediation required	string

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

createRoute

Create route

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

namespaceId required	string
name required	string (entityName) [ 1 .. 128 ] characters
from required	string <url>
to	Array of strings <url> [ items <url > ]
	object (RouteDirectResponse)
prefix	string
path	string
regex	string
prefixRewrite	string
regexRewritePattern	string
regexRewriteSubstitution	string
hostRewrite	string
hostRewriteHeader	string
hostPathRegexRewritePattern	string
hostPathRegexRewriteSubstitution	string
regexPriorityOrder	integer <int64>
timeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
idleTimeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
allowWebsockets required	boolean
allowSpdy required	boolean
tlsSkipVerify required	boolean
tlsUpstreamServerName	string
tlsDownstreamServerName	string
tlsCustomCaKeyPairId	string
tlsClientKeyPairId	string
tlsDownstreamClientCaKeyPairId	string
tlsUpstreamAllowRenegotiation required	boolean
	object (StringMap)
	object (StringMap)
removeRequestHeaders	Array of strings
	Array of objects (RouteRewriteHeader)
preserveHostHeader required	boolean
passIdentityHeaders	boolean
kubernetesServiceAccountToken	string
	object (RouteRedirect)
enableGoogleCloudServerlessAuthentication required	boolean
showErrorDetails required	boolean
	RouteHttpHealthCheck (object) or RouteTcpHealthCheck (object) or RouteGrpcHealthCheck (object) (RouteHealthCheck)
loadBalancingPolicy	string (RouteLoadBalancingPolicy) Enum: "round_robin" "least_request" "ring_hash" "random" "maglev"
policyIds required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
]
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

deleteRoute

Delete route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Responses

updateRoute

Update route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Request Body schema: application/json
required

namespaceId required	string
name required	string (entityName) [ 1 .. 128 ] characters
from required	string <url>
to	Array of strings <url> [ items <url > ]
	object (RouteDirectResponse)
prefix	string
path	string
regex	string
prefixRewrite	string
regexRewritePattern	string
regexRewriteSubstitution	string
hostRewrite	string
hostRewriteHeader	string
hostPathRegexRewritePattern	string
hostPathRegexRewriteSubstitution	string
regexPriorityOrder	integer <int64>
timeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
idleTimeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
allowWebsockets required	boolean
allowSpdy required	boolean
tlsSkipVerify required	boolean
tlsUpstreamServerName	string
tlsDownstreamServerName	string
tlsCustomCaKeyPairId	string
tlsClientKeyPairId	string
tlsDownstreamClientCaKeyPairId	string
tlsUpstreamAllowRenegotiation required	boolean
	object (StringMap)
	object (StringMap)
removeRequestHeaders	Array of strings
	Array of objects (RouteRewriteHeader)
preserveHostHeader required	boolean
passIdentityHeaders	boolean
kubernetesServiceAccountToken	string
	object (RouteRedirect)
enableGoogleCloudServerlessAuthentication required	boolean
showErrorDetails required	boolean
	RouteHttpHealthCheck (object) or RouteTcpHealthCheck (object) or RouteGrpcHealthCheck (object) (RouteHealthCheck)
loadBalancingPolicy	string (RouteLoadBalancingPolicy) Enum: "round_robin" "least_request" "ring_hash" "random" "maglev"
policyIds required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
]
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

route

The route service is where you can build and manage routes defined in a namespace within your organization.

updatePolicy

Update policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Request Body schema: application/json
required

namespaceId required	string
name required	string
enforced required	boolean
required	PPLRule (object) or Array of PPLRule (objects)
description required	string
explanation required	string
remediation required	string

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

listRoutes

List routes

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

namespaceId required	string ID of namespace
includeDescendants	boolean include resources from descendant namespaces

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}
]

createRoute

Create route

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

namespaceId required	string
name required	string (entityName) [ 1 .. 128 ] characters
from required	string <url>
to	Array of strings <url> [ items <url > ]
	object (RouteDirectResponse)
prefix	string
path	string
regex	string
prefixRewrite	string
regexRewritePattern	string
regexRewriteSubstitution	string
hostRewrite	string
hostRewriteHeader	string
hostPathRegexRewritePattern	string
hostPathRegexRewriteSubstitution	string
regexPriorityOrder	integer <int64>
timeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
idleTimeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
allowWebsockets required	boolean
allowSpdy required	boolean
tlsSkipVerify required	boolean
tlsUpstreamServerName	string
tlsDownstreamServerName	string
tlsCustomCaKeyPairId	string
tlsClientKeyPairId	string
tlsDownstreamClientCaKeyPairId	string
tlsUpstreamAllowRenegotiation required	boolean
	object (StringMap)
	object (StringMap)
removeRequestHeaders	Array of strings
	Array of objects (RouteRewriteHeader)
preserveHostHeader required	boolean
passIdentityHeaders	boolean
kubernetesServiceAccountToken	string
	object (RouteRedirect)
enableGoogleCloudServerlessAuthentication required	boolean
showErrorDetails required	boolean
	RouteHttpHealthCheck (object) or RouteTcpHealthCheck (object) or RouteGrpcHealthCheck (object) (RouteHealthCheck)
loadBalancingPolicy	string (RouteLoadBalancingPolicy) Enum: "round_robin" "least_request" "ring_hash" "random" "maglev"
policyIds required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
]
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

deleteRoute

Delete route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Responses

getRoute

Get route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

updateRoute

Update route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Request Body schema: application/json
required

namespaceId required	string
name required	string (entityName) [ 1 .. 128 ] characters
from required	string <url>
to	Array of strings <url> [ items <url > ]
	object (RouteDirectResponse)
prefix	string
path	string
regex	string
prefixRewrite	string
regexRewritePattern	string
regexRewriteSubstitution	string
hostRewrite	string
hostRewriteHeader	string
hostPathRegexRewritePattern	string
hostPathRegexRewriteSubstitution	string
regexPriorityOrder	integer <int64>
timeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
idleTimeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
allowWebsockets required	boolean
allowSpdy required	boolean
tlsSkipVerify required	boolean
tlsUpstreamServerName	string
tlsDownstreamServerName	string
tlsCustomCaKeyPairId	string
tlsClientKeyPairId	string
tlsDownstreamClientCaKeyPairId	string
tlsUpstreamAllowRenegotiation required	boolean
	object (StringMap)
	object (StringMap)
removeRequestHeaders	Array of strings
	Array of objects (RouteRewriteHeader)
preserveHostHeader required	boolean
passIdentityHeaders	boolean
kubernetesServiceAccountToken	string
	object (RouteRedirect)
enableGoogleCloudServerlessAuthentication required	boolean
showErrorDetails required	boolean
	RouteHttpHealthCheck (object) or RouteTcpHealthCheck (object) or RouteGrpcHealthCheck (object) (RouteHealthCheck)
loadBalancingPolicy	string (RouteLoadBalancingPolicy) Enum: "round_robin" "least_request" "ring_hash" "random" "maglev"
policyIds required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
]
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

getRouteCertificates

Get certificates that match the given route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Responses

Response samples

200

Content type

application/json

[{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}
]

token

The token service is where you can exchange a valid API refresh token for a new ID token.

getIdToken

Exchange API refresh token for ID token

Request Body schema: application/json
required

refreshToken

required

string

API refresh token

Responses

Request samples

Payload

Content type

application/json

{"refreshToken": "string"
}

Response samples

200

Content type

application/json

{"idToken": "string",
"expiresInSeconds": "string"
}

keyPair

The keypair service is where you can manage global- and route-level certificates for your organization.

listKeyPairs

List key pairs

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

namespaceId required	string ID of namespace
includeDescendants	boolean include resources from descendant namespaces

Responses

Response samples

200

Content type

application/json

[{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}
]

createKeyPair

Create keyPair

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

key	string
namespaceId required	string
certificate	string
name	string

Responses

Request samples

Payload

Content type

application/json

{"key": "string",
"namespaceId": "string",
"certificate": "string",
"name": "string"
}

Response samples

201

Content type

application/json

{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}

deleteKeyPair

Delete keyPair

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
keyPairId required	string ID of namespace

Responses

getKeyPair

Get keyPair

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
keyPairId required	string ID of namespace

Responses

Response samples

200

Content type

application/json

{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}

updateKeyPair

Update keyPair. If the certificate and/or key is not set the existing certificate and/or key will be preserved.

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
keyPairId required	string ID of namespace

Request Body schema: application/json
required

key	string
namespaceId required	string
certificate	string
name	string

Responses

Request samples

Payload

Content type

application/json

{"key": "string",
"namespaceId": "string",
"certificate": "string",
"name": "string"
}

Response samples

200

Content type

application/json

{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}

getRouteCertificates

Get certificates that match the given route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Responses

Response samples

200

Content type

application/json

[{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}
]

namespace

The namespace service is where you can manage namespaces within an organization.

listClusters

List clusters

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true
}
]

createCluster

Create cluster

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

name required	string
domain required	string
manualOverrideIpAddress	string <ip> (IPAddress)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true,
"refreshToken": "string"
}

deleteCluster

Delete cluster

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

getCluster

Get cluster

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true
}

updateCluster

Update cluster

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

name required	string
domain required	string
manualOverrideIpAddress	string <ip> (IPAddress)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true
}

listNamespaces

List namespaces

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster",
"role": "admin"
}
]

createNamespace

Create namespace

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

parentId	string
name required	string

Responses

Request samples

Payload

Content type

application/json

{"parentId": "string",
"name": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}

deleteNamespace

Delete namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Responses

getNamespace

Get namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}

updateNamespace

Update namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Request Body schema: application/json
required

parentId	string
name required	string

Responses

Request samples

Payload

Content type

application/json

{"parentId": "string",
"name": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}

changeset

The changeset service is where you can list, get, and apply changesets within a cluster or namespace.

listChangesets

List changesets

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

clusterId	string ID of cluster
status	string (ChangesetStatus) Enum: "pending" "applying" "applied" "failed" "current" "rejected" status of changeset
offset	integer offset of the resources
limit	integer limit number of resources returned

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"failureMessage": "string",
"namespaceId": "string",
"status": "pending"
}
]

compareChangesets

Compare changesets

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

clusterId required	string ID of cluster
firstId	string id of the first changeset to compare
secondId	string id of the second changeset to compare

Responses

Response samples

200

Content type

application/json

{"startChangeset": {"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"failureMessage": "string",
"namespaceId": "string",
"status": "pending"
},
"endChangeset": {"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"failureMessage": "string",
"namespaceId": "string",
"status": "pending"
},
"entities": [[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"activityType": "create",
"applied": {"at": "2019-08-24T14:15:22Z",
"by": {"id": "string",
"email": "user@example.com",
"displayName": "string",
"photoUrl": "string"
},
"changesetId": "string"
},
"entity": {"type": "changeset",
"id": "string",
"data": { }
},
"namespace": {"id": "string",
"name": "string"
},
"user": {"id": "string",
"email": "user@example.com",
"displayName": "string",
"photoUrl": "string"
}
}
]
]
}

getChangeset

Get changeset

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
changesetId required	string ID of changeset

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"failureMessage": "string",
"namespaceId": "string",
"status": "pending"
}

applyChangeset

Apply changeset

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
changesetId required	string ID of changeset

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"failureMessage": "string",
"namespaceId": "string",
"status": "pending"
}

createServiceAccount

Create service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

expiresAt	string <date-time>
description required	string
userId required	string

Responses

Request samples

Payload

Content type

application/json

{"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string",
"token": "string"
}

deleteServiceAccount

Delete service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Responses

updateServiceAccount

Update service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Request Body schema: application/json
required

description

required

string

Responses

Request samples

Payload

Content type

application/json

{"description": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}

updateSettings

Update settings

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

logLevel required	string Sets the global logging level for Pomerium. Only logs of the desired level and above will be logged. Go to Log Level reference
proxyLogLevel	string Sets the logging level for the Pomerium Proxy service access logs. Only logs of the desired level and above will be logged. Go to Proxy Log Level reference
address required	string <hostport> Specifies the Host and Port to serve HTTP requests from. If empty, `:443` is used. Go to Address reference
dnsLookupFamily required	string (DNSLookupFamily) Enum: "V4_ONLY" "V6_ONLY" "V4_PREFERRED" "AUTO" "ALL" Sets the DNS IP address resolution policy. Go to DNS Lookup Family reference
httpRedirectAddr	string <hostport> Specifies the Host and Port to redirect HTTP to HTTPS traffic on. If unset, no redirect server is started. Go to HTTP Redirect Address reference
timeoutRead required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the amount of time for the entire request stream to be received from the client. Go to Global Timeouts reference
timeoutWrite required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the max stream duration is the maximum time that a stream’s lifetime will span. Go to Global Timeouts reference
timeoutIdle required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the idle timeout is the time at which a downstream or upstream connection will be terminated if there are no active streams. Go to Global Timeouts reference
cookieName required	string Sets the name of the session cookie sent to clients. Go to Cookie Settings reference
cookieSecret	string Sets the secret used to encrypt and sign session cookies. If you don't provide a cookie secret, Pomerium will generate one for you. Go to Cookie Settings reference
cookieDomain	string Sets the scope of session cookies issued by Pomerium. If you specify the domain explicitly, then subdomains would also be included. Go to Cookie Settings reference
cookieHttpOnly required	boolean If true, this setting forbids JavaScript from accessing the cookie. Go to Cookie Settings reference
cookieExpire required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the lifetime of session cookies. After this interval, users must reauthenticate. Go to Cookie Settings reference
cookieSameSite	string Sets the SameSite option for cookies, which determines whether or not a cookie is sent with cross-site requests. Go to Cookie Settings reference
certificateAuthorityKeyPairId	string ID of CA's public and private key pair.
	object (StringMap) Specifies a mapping of HTTP Headers added globally to all managed routes and Pomerium's Authenticate Service. Go to Set Response Headers reference
	object (StringMap) Pass specific user session data to upstream applications as unsigned HTTP request headers. Go to JWT Claim Headers reference
defaultUpstreamTimeout required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ The default timeout applied to a proxied route when no timeout key is specified by the policy. Go to Default Upstream Timeout reference
metricsAddress	string Exposes a Prometheus endpoint on the specified port. Go to Metrics Settings reference
tracingProvider	string The name of the tracing provider (for example, Jaeger or Zipkin). Go to Tracing reference
tracingSampleRate required	number Percentage of requests to sample in decimal notation. The default is 0.0001, or .01%. Go to Tracing reference
tracingDatadogAddress	string <hostport> The `host:port` address of the Datadog Trace Agent. Defaults to `localhost:8126`. Go to Tracing reference
tracingJaegerCollectorEndpoint	string The URL to the Jaeger HTTP Thrift collector. Go to Tracing reference
tracingJaegerAgentEndpoint	string <hostport> The address of the `jaeger-agent` where you send Spans to. Go to Tracing reference
tracingZipkinEndpoint	string The URL to the Zipkin HTTP endpoint. Go to Tracing reference
clientCa	string The X.509 public-key used to validate a client certificate. Go to Downstream mTLS Settings reference
clientCaFile	string Path to client CA's PEM certificate bundle. Go to Downstream mTLS Settings reference
clientCaKeyPairId	string ID of the client CA's public and private key pair.
googleCloudServerlessAuthenticationServiceAccount	string Specifies the Service Account credentials to support GCP's Authorization Header format. Go to Google Cloud Serverless Authn SA reference
skipXffAppend required	boolean If true, the incoming X-Forwarded-For HTTP header would not be modified. Go to X-Forwarded-For reference
databrokerStorageConnection	string The databroker storage connection string. Go to Databroker Settings reference
accessLogFields	Array of strings Controls which fields are included in the access logs. Go to Access Log Fields reference
authorizeLogFields	Array of strings Controls which fields are included in the authorize logs. Go to Authorize Log Fields reference
passIdentityHeaders required	boolean

Responses

Request samples

Payload

Content type

application/json

{"logLevel": "string",
"proxyLogLevel": "string",
"address": "string",
"dnsLookupFamily": "V4_ONLY",
"httpRedirectAddr": "string",
"timeoutRead": "string",
"timeoutWrite": "string",
"timeoutIdle": "string",
"cookieName": "string",
"cookieSecret": "string",
"cookieDomain": "string",
"cookieHttpOnly": true,
"cookieExpire": "string",
"cookieSameSite": "string",
"certificateAuthorityKeyPairId": "string",
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"jwtClaimsHeaders": {"property1": "string",
"property2": "string"
},
"defaultUpstreamTimeout": "string",
"metricsAddress": "string",
"tracingProvider": "string",
"tracingSampleRate": 0,
"tracingDatadogAddress": "string",
"tracingJaegerCollectorEndpoint": "string",
"tracingJaegerAgentEndpoint": "string",
"tracingZipkinEndpoint": "string",
"clientCa": "string",
"clientCaFile": "string",
"clientCaKeyPairId": "string",
"googleCloudServerlessAuthenticationServiceAccount": "string",
"skipXffAppend": true,
"databrokerStorageConnection": "string",
"accessLogFields": ["string"
],
"authorizeLogFields": ["string"
],
"passIdentityHeaders": true
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"logLevel": "string",
"proxyLogLevel": "string",
"address": "string",
"dnsLookupFamily": "V4_ONLY",
"httpRedirectAddr": "string",
"timeoutRead": "string",
"timeoutWrite": "string",
"timeoutIdle": "string",
"cookieName": "string",
"cookieSecret": "string",
"cookieDomain": "string",
"cookieHttpOnly": true,
"cookieExpire": "string",
"cookieSameSite": "string",
"certificateAuthorityKeyPairId": "string",
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"jwtClaimsHeaders": {"property1": "string",
"property2": "string"
},
"defaultUpstreamTimeout": "string",
"metricsAddress": "string",
"tracingProvider": "string",
"tracingSampleRate": 0,
"tracingDatadogAddress": "string",
"tracingJaegerCollectorEndpoint": "string",
"tracingJaegerAgentEndpoint": "string",
"tracingZipkinEndpoint": "string",
"clientCa": "string",
"clientCaFile": "string",
"clientCaKeyPairId": "string",
"googleCloudServerlessAuthenticationServiceAccount": "string",
"skipXffAppend": true,
"databrokerStorageConnection": "string",
"accessLogFields": ["string"
],
"authorizeLogFields": ["string"
],
"passIdentityHeaders": true
}

listCustomDomains

List custom domains

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

clusterId

required

string

ID of cluster

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"clusterId": "string",
"domainName": "string",
"lastError": "string",
"keyPairId": "string",
"expiresAt": "2019-08-24T14:15:22Z"
}
]

addCustomDomain

Add custom domain

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

clusterId required	string
domainName required	string

Responses

Request samples

Payload

Content type

application/json

{"clusterId": "string",
"domainName": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"clusterId": "string",
"domainName": "string",
"lastError": "string",
"keyPairId": "string",
"expiresAt": "2019-08-24T14:15:22Z"
}

deleteCustomDomain

Delete custom domain

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
customDomainId required	string ID of custom domain

Responses

createKeyPair

Create keyPair

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

key	string
namespaceId required	string
certificate	string
name	string

Responses

Request samples

Payload

Content type

application/json

{"key": "string",
"namespaceId": "string",
"certificate": "string",
"name": "string"
}

Response samples

201

Content type

application/json

{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}

deleteKeyPair

Delete keyPair

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
keyPairId required	string ID of namespace

Responses

updateKeyPair

Update keyPair. If the certificate and/or key is not set the existing certificate and/or key will be preserved.

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
keyPairId required	string ID of namespace

Request Body schema: application/json
required

key	string
namespaceId required	string
certificate	string
name	string

Responses

Request samples

Payload

Content type

application/json

{"key": "string",
"namespaceId": "string",
"certificate": "string",
"name": "string"
}

Response samples

200

Content type

application/json

{"certificateInfo": {"version": 0,
"serial": "string",
"issuer": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"subject": {"country": ["string"
],
"organization": ["string"
],
"organizationalUnit": ["string"
],
"locality": ["string"
],
"province": ["string"
],
"streetAddress": ["string"
],
"postalCode": ["string"
],
"serialNumber": "string",
"commonName": "string"
},
"notBefore": "2019-08-24T14:15:22Z",
"notAfter": "2019-08-24T14:15:22Z",
"keyUsage": {"digitalSignature": true,
"contentCommitment": true,
"keyEncipherment": true,
"dataEncipherment": true,
"keyAgreement": true,
"certSign": true,
"crlSign": true,
"encipherOnly": true,
"decipherOnly": true
},
"extKeyUsage": {"any": true,
"serverAuth": true,
"clientAuth": true,
"codeSigning": true,
"emailProtection": true,
"ipsecEndSystem": true,
"ipsecTunnel": true,
"ipsecUser": true,
"timeStamping": true,
"ocspSigning": true,
"microsoftServerGatedCrypto": true,
"netscapeServerGatedCrypto": true,
"microsoftCommercialCodeSigning": true,
"microsoftKernelCodeSigning": true
},
"dnsNames": ["string"
],
"emailAddresses": ["string"
],
"ipAddresses": ["string"
],
"uris": ["string"
],
"permittedDnsDomainsCritical": true,
"permittedDnsDomains": ["string"
],
"excludedDnsDomains": ["string"
],
"permittedIpRanges": ["string"
],
"excludedIpRanges": ["string"
],
"permittedEmailAddresses": ["string"
],
"excludedEmailAddresses": ["string"
],
"permittedUriDomains": ["string"
],
"excludedUriDomains": ["string"
]
},
"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"certificate": "string",
"name": "string",
"origin": "system",
"status": "pending"
}

createNamespace

Create namespace

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

parentId	string
name required	string

Responses

Request samples

Payload

Content type

application/json

{"parentId": "string",
"name": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}

deleteNamespace

Delete namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Responses

updateNamespace

Update namespace

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
namespaceId required	string ID of namespace

Request Body schema: application/json
required

parentId	string
name required	string

Responses

Request samples

Payload

Content type

application/json

{"parentId": "string",
"name": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}

createPolicy

Create policy

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

namespaceId required	string
name required	string
enforced required	boolean
required	PPLRule (object) or Array of PPLRule (objects)
description required	string
explanation required	string
remediation required	string

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

deletePolicy

Delete policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Responses

updatePolicy

Update policy

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
policyId required	string ID of policy

Request Body schema: application/json
required

namespaceId required	string
name required	string
enforced required	boolean
required	PPLRule (object) or Array of PPLRule (objects)
description required	string
explanation required	string
remediation required	string

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"enforced": true,
"ppl": {"allow": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
},
"deny": {"and": [{ }
],
"or": [{ }
],
"not": [{ }
],
"nor": [{ }
]
}
},
"description": "string",
"explanation": "string",
"remediation": "string",
"routes": [{"id": "string",
"name": "string"
}
]
}

createRoute

Create route

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

namespaceId required	string
name required	string (entityName) [ 1 .. 128 ] characters
from required	string <url>
to	Array of strings <url> [ items <url > ]
	object (RouteDirectResponse)
prefix	string
path	string
regex	string
prefixRewrite	string
regexRewritePattern	string
regexRewriteSubstitution	string
hostRewrite	string
hostRewriteHeader	string
hostPathRegexRewritePattern	string
hostPathRegexRewriteSubstitution	string
regexPriorityOrder	integer <int64>
timeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
idleTimeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
allowWebsockets required	boolean
allowSpdy required	boolean
tlsSkipVerify required	boolean
tlsUpstreamServerName	string
tlsDownstreamServerName	string
tlsCustomCaKeyPairId	string
tlsClientKeyPairId	string
tlsDownstreamClientCaKeyPairId	string
tlsUpstreamAllowRenegotiation required	boolean
	object (StringMap)
	object (StringMap)
removeRequestHeaders	Array of strings
	Array of objects (RouteRewriteHeader)
preserveHostHeader required	boolean
passIdentityHeaders	boolean
kubernetesServiceAccountToken	string
	object (RouteRedirect)
enableGoogleCloudServerlessAuthentication required	boolean
showErrorDetails required	boolean
	RouteHttpHealthCheck (object) or RouteTcpHealthCheck (object) or RouteGrpcHealthCheck (object) (RouteHealthCheck)
loadBalancingPolicy	string (RouteLoadBalancingPolicy) Enum: "round_robin" "least_request" "ring_hash" "random" "maglev"
policyIds required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
]
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

deleteRoute

Delete route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Responses

updateRoute

Update route

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
routeId required	string ID of route

Request Body schema: application/json
required

namespaceId required	string
name required	string (entityName) [ 1 .. 128 ] characters
from required	string <url>
to	Array of strings <url> [ items <url > ]
	object (RouteDirectResponse)
prefix	string
path	string
regex	string
prefixRewrite	string
regexRewritePattern	string
regexRewriteSubstitution	string
hostRewrite	string
hostRewriteHeader	string
hostPathRegexRewritePattern	string
hostPathRegexRewriteSubstitution	string
regexPriorityOrder	integer <int64>
timeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
idleTimeout	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$
allowWebsockets required	boolean
allowSpdy required	boolean
tlsSkipVerify required	boolean
tlsUpstreamServerName	string
tlsDownstreamServerName	string
tlsCustomCaKeyPairId	string
tlsClientKeyPairId	string
tlsDownstreamClientCaKeyPairId	string
tlsUpstreamAllowRenegotiation required	boolean
	object (StringMap)
	object (StringMap)
removeRequestHeaders	Array of strings
	Array of objects (RouteRewriteHeader)
preserveHostHeader required	boolean
passIdentityHeaders	boolean
kubernetesServiceAccountToken	string
	object (RouteRedirect)
enableGoogleCloudServerlessAuthentication required	boolean
showErrorDetails required	boolean
	RouteHttpHealthCheck (object) or RouteTcpHealthCheck (object) or RouteGrpcHealthCheck (object) (RouteHealthCheck)
loadBalancingPolicy	string (RouteLoadBalancingPolicy) Enum: "round_robin" "least_request" "ring_hash" "random" "maglev"
policyIds required	Array of strings

Responses

Request samples

Payload

Content type

application/json

{"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
]
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"namespaceId": "string",
"name": "string",
"from": "string",
"to": ["string"
],
"response": {"status": 0,
"body": "string"
},
"prefix": "string",
"path": "string",
"regex": "string",
"prefixRewrite": "string",
"regexRewritePattern": "string",
"regexRewriteSubstitution": "string",
"hostRewrite": "string",
"hostRewriteHeader": "string",
"hostPathRegexRewritePattern": "string",
"hostPathRegexRewriteSubstitution": "string",
"regexPriorityOrder": 0,
"timeout": "string",
"idleTimeout": "string",
"allowWebsockets": true,
"allowSpdy": true,
"tlsSkipVerify": true,
"tlsUpstreamServerName": "string",
"tlsDownstreamServerName": "string",
"tlsCustomCaKeyPairId": "string",
"tlsClientKeyPairId": "string",
"tlsDownstreamClientCaKeyPairId": "string",
"tlsUpstreamAllowRenegotiation": true,
"setRequestHeaders": {"property1": "string",
"property2": "string"
},
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"removeRequestHeaders": ["string"
],
"rewriteResponseHeaders": [{"header": "string",
"matcher": {"prefix": "string"
},
"value": "string"
}
],
"preserveHostHeader": true,
"passIdentityHeaders": true,
"kubernetesServiceAccountToken": "string",
"redirect": {"httpsRedirect": true,
"schemeRedirect": "string",
"hostRedirect": "string",
"portRedirect": 0,
"pathRedirect": "string",
"prefixRewrite": "string",
"responseCode": 0,
"stripQuery": true
},
"enableGoogleCloudServerlessAuthentication": true,
"showErrorDetails": true,
"healthCheck": {"timeout": "string",
"interval": "string",
"unhealthyThreshold": 0,
"healthyThreshold": 0,
"type": "http",
"host": "string",
"path": "string",
"expectedStatuses": [{"start": 0,
"end": 0
}
],
"codecClientType": "http1"
},
"loadBalancingPolicy": "round_robin",
"policyIds": ["string"
],
"enforcedPolicyIds": ["string"
]
}

settings

Manage configuration settings for a cluster within an organization.

getSettings

Get settings

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"logLevel": "string",
"proxyLogLevel": "string",
"address": "string",
"dnsLookupFamily": "V4_ONLY",
"httpRedirectAddr": "string",
"timeoutRead": "string",
"timeoutWrite": "string",
"timeoutIdle": "string",
"cookieName": "string",
"cookieSecret": "string",
"cookieDomain": "string",
"cookieHttpOnly": true,
"cookieExpire": "string",
"cookieSameSite": "string",
"certificateAuthorityKeyPairId": "string",
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"jwtClaimsHeaders": {"property1": "string",
"property2": "string"
},
"defaultUpstreamTimeout": "string",
"metricsAddress": "string",
"tracingProvider": "string",
"tracingSampleRate": 0,
"tracingDatadogAddress": "string",
"tracingJaegerCollectorEndpoint": "string",
"tracingJaegerAgentEndpoint": "string",
"tracingZipkinEndpoint": "string",
"clientCa": "string",
"clientCaFile": "string",
"clientCaKeyPairId": "string",
"googleCloudServerlessAuthenticationServiceAccount": "string",
"skipXffAppend": true,
"databrokerStorageConnection": "string",
"accessLogFields": ["string"
],
"authorizeLogFields": ["string"
],
"passIdentityHeaders": true
}

updateSettings

Update settings

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

logLevel required	string Sets the global logging level for Pomerium. Only logs of the desired level and above will be logged. Go to Log Level reference
proxyLogLevel	string Sets the logging level for the Pomerium Proxy service access logs. Only logs of the desired level and above will be logged. Go to Proxy Log Level reference
address required	string <hostport> Specifies the Host and Port to serve HTTP requests from. If empty, `:443` is used. Go to Address reference
dnsLookupFamily required	string (DNSLookupFamily) Enum: "V4_ONLY" "V6_ONLY" "V4_PREFERRED" "AUTO" "ALL" Sets the DNS IP address resolution policy. Go to DNS Lookup Family reference
httpRedirectAddr	string <hostport> Specifies the Host and Port to redirect HTTP to HTTPS traffic on. If unset, no redirect server is started. Go to HTTP Redirect Address reference
timeoutRead required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the amount of time for the entire request stream to be received from the client. Go to Global Timeouts reference
timeoutWrite required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the max stream duration is the maximum time that a stream’s lifetime will span. Go to Global Timeouts reference
timeoutIdle required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the idle timeout is the time at which a downstream or upstream connection will be terminated if there are no active streams. Go to Global Timeouts reference
cookieName required	string Sets the name of the session cookie sent to clients. Go to Cookie Settings reference
cookieSecret	string Sets the secret used to encrypt and sign session cookies. If you don't provide a cookie secret, Pomerium will generate one for you. Go to Cookie Settings reference
cookieDomain	string Sets the scope of session cookies issued by Pomerium. If you specify the domain explicitly, then subdomains would also be included. Go to Cookie Settings reference
cookieHttpOnly required	boolean If true, this setting forbids JavaScript from accessing the cookie. Go to Cookie Settings reference
cookieExpire required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ Sets the lifetime of session cookies. After this interval, users must reauthenticate. Go to Cookie Settings reference
cookieSameSite	string Sets the SameSite option for cookies, which determines whether or not a cookie is sent with cross-site requests. Go to Cookie Settings reference
certificateAuthorityKeyPairId	string ID of CA's public and private key pair.
	object (StringMap) Specifies a mapping of HTTP Headers added globally to all managed routes and Pomerium's Authenticate Service. Go to Set Response Headers reference
	object (StringMap) Pass specific user session data to upstream applications as unsigned HTTP request headers. Go to JWT Claim Headers reference
defaultUpstreamTimeout required	string (Duration) ^([0-9]+(y\|w\|d\|h\|m\|s\|ms))+$ The default timeout applied to a proxied route when no timeout key is specified by the policy. Go to Default Upstream Timeout reference
metricsAddress	string Exposes a Prometheus endpoint on the specified port. Go to Metrics Settings reference
tracingProvider	string The name of the tracing provider (for example, Jaeger or Zipkin). Go to Tracing reference
tracingSampleRate required	number Percentage of requests to sample in decimal notation. The default is 0.0001, or .01%. Go to Tracing reference
tracingDatadogAddress	string <hostport> The `host:port` address of the Datadog Trace Agent. Defaults to `localhost:8126`. Go to Tracing reference
tracingJaegerCollectorEndpoint	string The URL to the Jaeger HTTP Thrift collector. Go to Tracing reference
tracingJaegerAgentEndpoint	string <hostport> The address of the `jaeger-agent` where you send Spans to. Go to Tracing reference
tracingZipkinEndpoint	string The URL to the Zipkin HTTP endpoint. Go to Tracing reference
clientCa	string The X.509 public-key used to validate a client certificate. Go to Downstream mTLS Settings reference
clientCaFile	string Path to client CA's PEM certificate bundle. Go to Downstream mTLS Settings reference
clientCaKeyPairId	string ID of the client CA's public and private key pair.
googleCloudServerlessAuthenticationServiceAccount	string Specifies the Service Account credentials to support GCP's Authorization Header format. Go to Google Cloud Serverless Authn SA reference
skipXffAppend required	boolean If true, the incoming X-Forwarded-For HTTP header would not be modified. Go to X-Forwarded-For reference
databrokerStorageConnection	string The databroker storage connection string. Go to Databroker Settings reference
accessLogFields	Array of strings Controls which fields are included in the access logs. Go to Access Log Fields reference
authorizeLogFields	Array of strings Controls which fields are included in the authorize logs. Go to Authorize Log Fields reference
passIdentityHeaders required	boolean

Responses

Request samples

Payload

Content type

application/json

{"logLevel": "string",
"proxyLogLevel": "string",
"address": "string",
"dnsLookupFamily": "V4_ONLY",
"httpRedirectAddr": "string",
"timeoutRead": "string",
"timeoutWrite": "string",
"timeoutIdle": "string",
"cookieName": "string",
"cookieSecret": "string",
"cookieDomain": "string",
"cookieHttpOnly": true,
"cookieExpire": "string",
"cookieSameSite": "string",
"certificateAuthorityKeyPairId": "string",
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"jwtClaimsHeaders": {"property1": "string",
"property2": "string"
},
"defaultUpstreamTimeout": "string",
"metricsAddress": "string",
"tracingProvider": "string",
"tracingSampleRate": 0,
"tracingDatadogAddress": "string",
"tracingJaegerCollectorEndpoint": "string",
"tracingJaegerAgentEndpoint": "string",
"tracingZipkinEndpoint": "string",
"clientCa": "string",
"clientCaFile": "string",
"clientCaKeyPairId": "string",
"googleCloudServerlessAuthenticationServiceAccount": "string",
"skipXffAppend": true,
"databrokerStorageConnection": "string",
"accessLogFields": ["string"
],
"authorizeLogFields": ["string"
],
"passIdentityHeaders": true
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"logLevel": "string",
"proxyLogLevel": "string",
"address": "string",
"dnsLookupFamily": "V4_ONLY",
"httpRedirectAddr": "string",
"timeoutRead": "string",
"timeoutWrite": "string",
"timeoutIdle": "string",
"cookieName": "string",
"cookieSecret": "string",
"cookieDomain": "string",
"cookieHttpOnly": true,
"cookieExpire": "string",
"cookieSameSite": "string",
"certificateAuthorityKeyPairId": "string",
"setResponseHeaders": {"property1": "string",
"property2": "string"
},
"jwtClaimsHeaders": {"property1": "string",
"property2": "string"
},
"defaultUpstreamTimeout": "string",
"metricsAddress": "string",
"tracingProvider": "string",
"tracingSampleRate": 0,
"tracingDatadogAddress": "string",
"tracingJaegerCollectorEndpoint": "string",
"tracingJaegerAgentEndpoint": "string",
"tracingZipkinEndpoint": "string",
"clientCa": "string",
"clientCaFile": "string",
"clientCaKeyPairId": "string",
"googleCloudServerlessAuthenticationServiceAccount": "string",
"skipXffAppend": true,
"databrokerStorageConnection": "string",
"accessLogFields": ["string"
],
"authorizeLogFields": ["string"
],
"passIdentityHeaders": true
}

cluster

A cluster represents an isolated Pomerium Core instance within your organization. An organization can have multiple clusters with separate configurations depending on the organization’s use case.

createOrganization

Create organization

Authorizations:

bearerAuth

Request Body schema: application/json
required

name required	string
logoURL	string <url> URL to an image that will be used as the organization logo. User may provide a URL to an image hosted on a third party service, or upload an image to the dashboard, which would result in an URL being generated.
domain required	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"logoURL": "string",
"domain": "string"
}

Response samples

201

Content type

application/json

{"organization": {"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"logoURL": "string",
"organizationType": "personal",
"ownerUserId": "string",
"role": "owner",
"joinedAt": "2019-08-24T14:15:22Z"
},
"namespace": {"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}
}

listClusters

List clusters

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true
}
]

createCluster

Create cluster

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

name required	string
domain required	string
manualOverrideIpAddress	string <ip> (IPAddress)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true,
"refreshToken": "string"
}

deleteCluster

Delete cluster

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

getCluster

Get cluster

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true
}

updateCluster

Update cluster

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

name required	string
domain required	string
manualOverrideIpAddress	string <ip> (IPAddress)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"domain": "string",
"manualOverrideIpAddress": "string",
"fqdn": "string",
"autoDetectIpAddress": "string",
"namespaceId": "string",
"hasFailingHealthChecks": true
}

getClusterJwk

Get cluster JWK

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

{"use": "string",
"kty": "string",
"kid": "string",
"crv": "string",
"alg": "string",
"x": "string",
"y": "string",
"jwksUrl": "string"
}

getClusterHealth

Get cluster health check data

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

[{"description": "string",
"hostname": "string",
"status": "success",
"updatedAt": "2019-08-24T14:15:22Z"
}
]

rotateClusterToken

Rotate cluster identity token. This token is used to authenticate the cluster to the Pomerium Zero API. Only one token may be active at a time. Requesting a new token will invalidate the previous one.

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

{"refreshToken": "string"
}

organization

acceptInvitation

Accept invitation

Authorizations:

bearerAuth

path Parameters

invitationId

required

string

ID of invitation

Responses

listOrganizations

List organizations

Authorizations:

bearerAuth

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"logoURL": "string",
"organizationType": "personal",
"ownerUserId": "string",
"role": "owner",
"joinedAt": "2019-08-24T14:15:22Z"
}
]

createOrganization

Create organization

Authorizations:

bearerAuth

Request Body schema: application/json
required

name required	string
logoURL	string <url> URL to an image that will be used as the organization logo. User may provide a URL to an image hosted on a third party service, or upload an image to the dashboard, which would result in an URL being generated.
domain required	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"logoURL": "string",
"domain": "string"
}

Response samples

201

Content type

application/json

{"organization": {"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"logoURL": "string",
"organizationType": "personal",
"ownerUserId": "string",
"role": "owner",
"joinedAt": "2019-08-24T14:15:22Z"
},
"namespace": {"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"parentId": "string",
"name": "string",
"type": "cluster"
}
}

deleteOrganization

Delete organization

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

getOrganization

Get organization

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"logoURL": "string",
"organizationType": "personal",
"ownerUserId": "string",
"role": "owner",
"joinedAt": "2019-08-24T14:15:22Z"
}

updateOrganization

Update organization

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

name required	string
logoURL	string <url> URL to an image that will be used as the organization logo. User may provide a URL to an image hosted on a third party service, or upload an image to the dashboard, which would result in an URL being generated.
ownerUserId	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"logoURL": "string",
"ownerUserId": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"name": "string",
"logoURL": "string",
"organizationType": "personal",
"ownerUserId": "string",
"role": "owner",
"joinedAt": "2019-08-24T14:15:22Z"
}

leaveOrganization

Leave organization

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

Delete previously uploaded organization logo

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Responses

Upload an organization logo image

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: multipart/form-data

image

required

string <binary>

Responses

terms

acceptTerms

Accept terms

Authorizations:

bearerAuth

path Parameters

termId

required

string

ID of a legal term

Responses

defaultTemplate

listDefaultTemplates

List default templates

Authorizations:

bearerAuth

path Parameters

recordType

required

string (DefaultTemplateRecordType)

Enum: "route" "settings" "policy"

Type of record

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"recordType": "route",
"name": "string",
"defaultProperties": { }
}
]

startOnboarding

Start onboarding

Authorizations:

bearerAuth

Request Body schema: application/json
required

name required	string
system required	string

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"system": "string"
}

Response samples

200

Content type

application/json

{"organizationId": "string",
"clusterId": "string",
"clusterToken": "string"
}

configureOnboarding

Configure onboarding

Authorizations:

bearerAuth

Request Body schema: application/json
required

ipAddress	string <ip> (IPAddress)
port	string <port> (Port)
system required	string

Responses

Request samples

Payload

Content type

application/json

{"ipAddress": "string",
"port": "string",
"system": "string"
}

Response samples

200

Content type

application/json

{ }

getClusterTimeSeriesMetric

Get cluster metric time series

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
metricId required	string (ClusterTimeSeriesMetricId) Enum: "mau" "dau" ID of cluster time series metric

Responses

Response samples

200

Content type

application/json

[{"value": 0,
"timestamp": "2019-08-24T14:15:22Z"
}
]

pingCluster

Ping cluster

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

{"success": true,
"errorCode": "err_cluster_ping_no_identity",
"errorMessage": "string"
}

getVersion

Get version

Responses

Response samples

200

Content type

application/json

{"version": "string"
}

serviceAccount

listServiceAccounts

List service accounts

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}
]

createServiceAccount

Create service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Request Body schema: application/json
required

expiresAt	string <date-time>
description required	string
userId required	string

Responses

Request samples

Payload

Content type

application/json

{"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string",
"token": "string"
}

deleteServiceAccount

Delete service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Responses

getServiceAccount

Get service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Responses

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}

updateServiceAccount

Update service account

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Request Body schema: application/json
required

description

required

string

Responses

Request samples

Payload

Content type

application/json

{"description": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"expiresAt": "2019-08-24T14:15:22Z",
"description": "string",
"userId": "string"
}

getServiceAccountToken

Get service account token

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster
serviceAccountId required	string ID of service account

Responses

Response samples

200

Content type

application/json

{"token": "string"
}

resourceBundleStatus

getClusterResourceBundleStatus

Get settings

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
clusterId required	string ID of cluster

Responses

Response samples

200

Content type

application/json

{"property1": {"lastFailure": {"error": "string",
"source": "string",
"updatedAt": "2019-08-24T14:15:22Z"
},
"lastSuccess": {"changesetId": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
},
"property2": {"lastFailure": {"error": "string",
"source": "string",
"updatedAt": "2019-08-24T14:15:22Z"
},
"lastSuccess": {"changesetId": "string",
"updatedAt": "2019-08-24T14:15:22Z"
}
}
}

customDomain

listCustomDomains

List custom domains

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

query Parameters

clusterId

required

string

ID of cluster

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"clusterId": "string",
"domainName": "string",
"lastError": "string",
"keyPairId": "string",
"expiresAt": "2019-08-24T14:15:22Z"
}
]

addCustomDomain

Add custom domain

Authorizations:

bearerAuth

path Parameters

organizationId

required

string

ID of organization

Request Body schema: application/json
required

clusterId required	string
domainName required	string

Responses

Request samples

Payload

Content type

application/json

{"clusterId": "string",
"domainName": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"createdAt": "2019-08-24T14:15:22Z",
"updatedAt": "2019-08-24T14:15:22Z",
"clusterId": "string",
"domainName": "string",
"lastError": "string",
"keyPairId": "string",
"expiresAt": "2019-08-24T14:15:22Z"
}

deleteCustomDomain

Delete custom domain

Authorizations:

bearerAuth

path Parameters

organizationId required	string ID of organization
customDomainId required	string ID of custom domain

Responses

notification

authorizeNotifications

authorize notifications

Authorizations:

bearerAuth

Request Body schema: application/x-www-form-urlencoded
required

socket_id required	string
channel_name required	string

Responses

Response samples

200

Content type

application/json

{"auth": "string"
}

Pomerium Zero API (0.1.0)

user

deleteCurrentUser

Authorizations:

Responses

updateCurrentUserInfo

Authorizations:

Responses

Response samples

completeOnboarding

Authorizations:

Responses

listUsersInNamespace

Authorizations:

path Parameters

Responses

Response samples

removeUserFromNamespace

Authorizations:

path Parameters

Responses

addUserToNamespace

Authorizations:

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

listUsersInOrganization

Authorizations:

path Parameters

query Parameters

Responses

Response samples

createApiAccessUser

Authorizations:

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

removeUserFromOrganization

Authorizations:

path Parameters

Responses

RenewApiUserRefreshToken

Authorizations:

path Parameters

Responses

Response samples

invitation

listUserInvitations

Authorizations:

Responses

Response samples

acceptInvitation

Authorizations:

path Parameters

Responses

rejectInvitation

Authorizations:

path Parameters

Responses

invite

listOrganizationInvites

Authorizations:

path Parameters

Responses

Response samples

createOrganizationInvite

Authorizations:

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

deleteOrganizationInvite

Authorizations:

path Parameters

Responses

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required