Pulse Connect Secure/Pulse
Policy Secure
REST API Solutions Guide
PPuubblliisshheedd DDaattee
Jun 2020
8.4
Document Revision
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
2
Pulse Secure, LLC
2700 Zanker Road, Suite 200
San Jose, CA 95134
https://www.pulsesecure.net
Pulse Secure assumes no responsibility for any inaccuracies in this document. Pulse Secure reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
Products made or sold by Pulse Secure or components thereof might be covered by one or more of the
following patents that are owned by or licensed to Pulse Secure: U.S. Patent Nos. 5,473,599, 5,905,725,
5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899,
6,552,918, 6,567,902, 6,578,186, and 6,590,785.
REST API Solutions Guide
Copyright © 2020, Pulse Secure, LLC. All rights reserved.
Printed in USA.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
3
Revision History
Document Version
Revision Summary
8.4
Added the following section for 9.1R7 release
- Retrieving Serial Number and Machine ID
8.3
Added the following section for 9.1R6 release
- Enabling/Disabling ICE License
- Getting the Current Status of ICE License
8.2.1
Added the following section for 9.1R5 release
- Fetching Active Number of HTML5 Sessions
8.2
Updated the following section for 9.1R5 release:
- Getting License Report from License Server
8.1
Updated Profiler REST APIs URL
8.0
Added/Updated the following sections for 9.1R4 release:
- Getting Active Sessions
- Getting System Information
- Fetching the User Login Statistics
- Health Check Status
- VIP Failover
- Applying License
- Deleting License
- Getting License Clients
- Getting License Report from License Server
- Profiler REST APIs
7.1
Removed the unused header “Postman-Token” from the Guide.
7.0
Updated the “PCS/PPS Configuration Using REST APIs” section
with:
- Export without ESAP and Pulse Client packages API.
- Backup/restore binary configuration
- Added sample curl commands
6.0
Updated the “PCS/PPS Configuration Using REST APIs” section with
IF MAP related REST APIs.
5.1
Updated the “PCS/PPS Configuration Using REST APIs” section with
AD and LDAP related REST APIs.
5.0
Updated with “PCS/PPS Configuration Using REST APIs” section.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
4
Contents
REVISION HISTORY .......................................................................................................................................................................3
OVERVIEW ......................................................................................................................................................................................7
AUTHENTICATION FOR REST APIS .............................................................................................................................................8
Basic Authentication using the HTTP Authorization Header..................................................................................8
Realm-based Authentication (Recommended) .........................................................................................................11
SAMPLE GET/POST/PUT/DELETE REQUEST AND RESPONSES IN PCS ...................................................................................13
GET API Call: Fetch the Specific User under Local Authentication Server ..........................................................13
POST API Call: Create User for Existing Local Authentication Server ...................................................................14
PUT API Call: Update Full name field of Specific user .............................................................................................15
DELETE API Call: DELETE Specific User ........................................................................................................................17
Representing Configuration Resources Using Links ................................................................................................19
SAMPLE GET/POST/PUT/DELETE REQUEST AND RESPONSES IN PPS ...................................................................................20
GET API Call: Fetch the Details under Endpoint Policy ............................................................................................20
POST API Call: Create an SRX Enforcer in Infranet Enforcer Connection ............................................................21
PUT API Call: Update Existing Configuration Where In Initial Location Group is Configured as Guest .......23
DELETE API Call: Delete an SNMP Device ...................................................................................................................24
PCS/PPS CONFIGURATIONS USING REST APIS .....................................................................................................................26
GETTING ACTIVE SESSIONS.........................................................................................................................................................27
GETTING PARTICULAR ACTIVE SESSION DETAILS.........................................................................................................................28
DELETING A PARTICULAR ACTIVE SESSION ..................................................................................................................................29
DELETING ALL ACTIVE SESSIONS ................................................................................................................................................29
QUERYING SET OF LEASED LICENSES IN THE LICENSE SERVER SYSTEM .......................................................................................30
PULLING STATE FROM A LICENSE SERVER ON A LICENSE CLIENT ................................................................................................32
CONFIGURING CERTIFICATES BASED ON CSR WORKFLOW .........................................................................................................33
CREATING A CSR FOR A DEVICE CERTIFICATE .............................................................................................................................37
DELETING DEVICE CERTIFICATE BY ITS SUBJECT NAME................................................................................................................38
GETTING SYSTEM INFORMATION ................................................................................................................................................38
RETRIEVING SERIAL NUMBER AND MACHINE ID .........................................................................................................................39
REALM-BASED ADMINISTRATOR USER USING ADMINISTRATOR LOCAL AUTHENTICATION SERVER ..............................................40
REALM-BASED ADMINISTRATOR USER USING AD AUTHENTICATION SERVER..............................................................................40
REALM-BASED ADMINISTRATOR USER USING LDAP AUTHENTICATION SERVER .........................................................................41
REALM-BASED ADMINISTRATOR USER USING RADIUS AUTHENTICATION SERVER .......................................................................41
REALM-BASED ADMINISTRATOR USER FROM A PARTICULAR SOURCE IP .....................................................................................42
REALM-BASED ADMINISTRATOR AUTHORIZATION ROLE MAPPING TO .ADMINISTRATOR ROLE ...................................................43
SPECIFYING SESSION VALIDITY FOR REST ADMIN SESSION ........................................................................................................44
GETTING ACTIVE DIRECTORY SEARCH GROUPS ..........................................................................................................................45
ADDING SEARCH GROUP TO ACTIVE DIRECTORY ........................................................................................................................46
UPDATING ACTIVE DIRECTORY GROUP .......................................................................................................................................47
DELETING ACTIVE DIRECTORY GROUPS ......................................................................................................................................48
GETTING ALL LDAP GROUP LIST ...............................................................................................................................................48
ADDING GROUPS TO LDAP .......................................................................................................................................................49
UPDATING LDAP SOURCE GROUP ............................................................................................................................................50
DELETING LDAP SOURCE GROUP .............................................................................................................................................51
CREATING A CLUSTER .................................................................................................................................................................52
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
5
ADDING A MEMBER TO CLUSTER ................................................................................................................................................52
GETTING CLUSTER STATUS .........................................................................................................................................................53
DELETING CLUSTER MEMBER .....................................................................................................................................................55
GETTING HEALTH CHECK STATUS ..............................................................................................................................................56
JOINING A CLUSTER ....................................................................................................................................................................57
VIP FAILOVER .............................................................................................................................................................................57
CONFIGURING IF MAP SERVER ..................................................................................................................................................58
CONFIGURING IF MAP CLIENT ...................................................................................................................................................59
CONFIGURING NO IF MAP SERVER ...........................................................................................................................................60
GETTING CONFIG WITHOUT PULSE PACKAGES (ESAP AND PULSE CLIENT PACKAGES) ..............................................................61
BACKING UP BINARY CONFIGURATION .......................................................................................................................................62
RESTORING BINARY CONFIGURATION (IMPORT=NORMAL) ..........................................................................................................62
RESTORING BINARY CONFIGURATION (IMPORT=FULL) ................................................................................................................63
PCS-SPECIFIC CONFIGURATIONS USING REST APIS ............................................................................................................66
CREATING A VLAN .....................................................................................................................................................................67
DELETING A VLAN .....................................................................................................................................................................68
CREATING A USER ROLE .............................................................................................................................................................68
FETCHING THE USER LOGIN STATISTICS .....................................................................................................................................70
UPDATING THE USER ROLE SETTINGS ........................................................................................................................................71
DELETING A USER ROLE .............................................................................................................................................................73
CREATING A USER REALM ...........................................................................................................................................................73
DELETING A USER REALM ...........................................................................................................................................................77
CREATING A RESOURCE PROFILE ................................................................................................................................................77
DELETING A RESOURCE PROFILE ................................................................................................................................................79
CREATING A RESOURCE POLICY ..................................................................................................................................................80
FETCHING A RESOURCE POLICY ..................................................................................................................................................81
DELETING A RESOURCE POLICY ..................................................................................................................................................82
CREATING AN AD AUTHENTICATION SERVER ..............................................................................................................................82
DELETING AN AD AUTHENTICATION SERVER ..............................................................................................................................84
CREATING AN LDAP AUTHENTICATION SERVER..........................................................................................................................84
CREATING A RADIUS SERVER ......................................................................................................................................................87
MODIFYING RADIUS SERVER DETAILS .........................................................................................................................................89
CREATING SIGN-IN-POLICY ........................................................................................................................................................90
DELETING SIGN-IN-POLICY .........................................................................................................................................................91
DISABLING SIGN-IN-URL ...........................................................................................................................................................91
CREATING A WEB BOOKMARK FOR A ROLE .................................................................................................................................92
REORDERING ..............................................................................................................................................................................93
FETCHING THE RESOURCE WITH MULTIPLE IDENTIFIERS .............................................................................................................94
UPDATING RESOURCE IDENTIFIED USING MULTIPLE IDENTIFIERS ...............................................................................................95
FETCHING ACTIVE NUMBER OF HTML5 SESSIONS ....................................................................................................................96
UPDATING PASSWORD IN CLEAR TEXT .......................................................................................................................................96
APPLYING AUTHCODE AND DOWNLOADING LICENSES FROM PCLS ON VA-SPE|PSA-V ..........................................................97
APPLYING LICENSE .....................................................................................................................................................................98
DELETING LICENSE .....................................................................................................................................................................99
GETTING LICENSE CLIENTS .........................................................................................................................................................100
GETTING LICENSE REPORT FROM LICENSE SERVER .....................................................................................................................102
ENABLING/DISABLING ICE LICENSE ...........................................................................................................................................106
GETTING THE CURRENT STATUS OF ICE LICENSE .......................................................................................................................107
EXPORTING TOTP USERS FROM ONE DEVICE TO ANOTHER DEVICE ..........................................................................................107
IMPORTING TOTP USERS FROM ONE DEVICE TO ANOTHER DEVICE ..........................................................................................108
SAMPLE ERROR RESPONSES .......................................................................................................................................................109
400 BAD REQUEST ...........................................................................................................................................................109
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
6
403 Forbidden...................................................................................................................................................................111
404 NOT FOUND ..............................................................................................................................................................112
422 UNPROCESSABLE ENTITY .......................................................................................................................................114
LIMITATIONS ...............................................................................................................................................................................115
PPS-SPECIFIC CONFIGURATIONS USING REST APIS ............................................................................................................116
CREATING THE HC POLICY .........................................................................................................................................................117
DELETING THE HC POLICY .........................................................................................................................................................118
CREATING THE INFRANET ENFORCER ..........................................................................................................................................119
DELETING THE INFRANET ENFORCER ..........................................................................................................................................119
CREATING A RESOURCE POLICY ..................................................................................................................................................120
DELETING A RESOURCE POLICY ..................................................................................................................................................120
CREATING A RADIUS CLIENT .....................................................................................................................................................121
DELETING A RADIUS CLIENT .....................................................................................................................................................121
CREATING A RADIUS ATTRIBUTE POLICY ...................................................................................................................................122
DELETING A RADIUS ATTRIBUTE POLICY ...................................................................................................................................122
CREATING SNMP DEVICE ..........................................................................................................................................................123
DELETING SNMP DEVICE ..........................................................................................................................................................124
CREATING SNMP POLICY ..........................................................................................................................................................124
DELETING SNMP POLICY ..........................................................................................................................................................126
CREATING DEVICE GROUP - TACACS+......................................................................................................................................126
DELETING DEVICE GROUP- TACACS+ ......................................................................................................................................126
CREATING TACACS+ CLIENT .....................................................................................................................................................127
DELETING TACACS+ CLIENT .....................................................................................................................................................127
CREATING SHELL POLICIES .........................................................................................................................................................128
DELETING SHELL POLICIES .........................................................................................................................................................128
CREATING ADMISSION CONTROL CLIENT ...................................................................................................................................129
DELETING ADMISSION CONTROL CLIENT....................................................................................................................................129
CREATING ADMISSION CONTROL POLICY ...................................................................................................................................129
DELETING ADMISSION CONTROL POLICY ...................................................................................................................................130
PROFILER REST APIS .................................................................................................................................................................130
Approving Devices ............................................................................................................................................................130
Updating Device Attributes ............................................................................................................................................131
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
7
Overview
The REST API provides a standardized method for Next-Gen firewalls, NAC devices, and third-party systems to
interact with PCS/PPS. Representational state transfer (REST) or RESTful Web services are one way of providing
interoperability between computer systems on the Internet. REST-compliant Web services allow requesting systems
to access and manipulate textual representations of Web resources using a uniform and predefined set of stateless
operations. In a RESTful Web service, requests made to a resource's URI will elicit a response that may be in XML,
HTML, JSON or some other defined format. PCS/PPS supports JSON format only.
REST methods determine the HTTP method for manipulating the resources defined in the service operation. The
kind of operations available include those predefined by the HTTP verbs GET, POST, PUT, DELETE and so on. The
response may confirm that some alteration has been made to the stored resource, and it may provide hypertext
links to other related resources or collections of resources. By making use of a stateless protocol and standard
operations, REST systems aim for fast performance, reliability, and the ability to grow, by re-using components that
can be managed and updated without affecting the system as a whole, even while it is running.
Note: REST API Support for PCS/PPS involves only Configuration APIs. Also, PCS/PPS supports only the GET, POST,
PUT and DELETE APIs.
The valid and supported values are described in the Table 1.
Table 1: Valid and Supported Values
HTTP Verb
Definition
DELETE
Delete an existing resource.
GET
Retrieve a representation of a resource.
POST
Create a new resource
PUT
Create a new resource to a new URL or modify an existing resource to an
existing URL.
The error codes supported are described in the Table 2.
Table 2: Error Codes Supported
HTTP Verb
Definition
200 OK
Requesting for resource information successful using GET
Resource update successful using PUT
201 Created
Resource creation successful using POST
204 No Content
Deletion of resource successful with no body. Even PUT, POST may return 204 if
no errors or warnings seen
400 – Bad Request
Any Request (GET/PUT/POST/DELETE, and so on) is invalid.
Example: Incorrect JSON format
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
8
HTTP Verb
Definition
401 – Unauthorized
Any REST Call with invalid credentials
403 – Forbidden
REST Call with valid credentials but no permission
404 – Not found
Requested resource in URI does not exist
422 – Unprocessable
Entity
Any validation/referential integrity errors that would result in failure of
PUT/POST/DELETE request
500 Server Error
When PCS/PPS rest server is not responding
Authentication for REST APIs
Basic authentication using the HTTP authorization header is used to authenticate username/password on the
Administrators auth. server. It is expected that the user is already configured in the Administrators auth. server. On a
successful login, a random token (api_key) is generated once and sent back as a JSON response. Further access to
APIs can use this api_key value as username and password as empty in their Authorization header for access.
Note: A new random api_key is generated on a successful login. The user can continue to use this key till the
administrator:
•
Enables/disables the user account
•
Enables/disables the Allow REST API feature for that user
Basic Authentication using the HTTP Authorization Header
Configurations for REST APIs
The configuration of PCS/PPS can be accessed using REST APIs. The PCS/PPS configuration is represented in a json
form when accessed using REST APIs. The structure of the JSON representation is very similar to the structure of
PCS/PPS XML configuration.
A new admin UI option for users under "Administrators" authserver has been added. REST API authentication would
be successful only for those users who have this option enabled.
REST API access can be enabled from Pulse Connect Secure Admin console as shown below or from Pulse Connect
Secure serial console.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
9
To enable this check box in Pulse Connect Secure Admin Console:
1. Go to Authentication > Auth. Servers >Administrators > Update Administrator admin1.
2. Select the Allow access to REST APIs check box. See figure below.
3. Click Save Changes.
Enabling REST API Access for an Administrator from the Serial Console
REST API access for an administrator user can be enabled during initial configuration and while creating a new
administrator user.
During initial provisioning, there are no administrator accounts configured and the system prompts to create a new
administrator user. For the option “Do you want to enable REST API access for this administrator (y/n):”, enter y.
Note: Any characters other than “y” or “n” are invalid responses.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
10
When creating a new administrator user from the console using the option “2. Create admin username and
password”, for the option “Do you want to enable REST API access for this administrator (y/n):”, enter y.
The entire communication is over TLS. An example is explained below:
REQUEST
GET /api/v1/auth HTTP/1.1
Host: 10.209.112.106
Authorization: Basic YWRtaW5kYjpkYW5hMTIz
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
Expires: -1
Keep-Alive: timeout=15
{ "api_key": "p5mMlc7RQu81R2NvssLCCZhP05kf0N2ONFeYeLXX6aU=" }
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
11
Equivalent Curl Command
Note: While using curl command, ensure appropriate server CA certs is installed in the cert store recognized by
curl. The sample curl commands provided in this document assumes you have appropriate server CA certs installed.
COMMAND
curl -i -u admindb:dana123 -G https://<hostname>/api/v1/auth
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{"api_key":"p9/h85ytEmkDzvkGSmQ4z77p6Ya7aLIC42vh0F9CGaQ="}
api_key received in response to authentication request should be used as
Username with EMPTY password in all future requests. Refer to the
examples in Sample GET/POST/PUT/DELETE Request and Responses in PCS.
Realm-based Authentication (Recommended)
Pulse Secure recommends realm-based authentication instead of basic authentication using the HTTPS
authorization header.
REQUEST
POST /api/v1/realm_auth HTTP/1.1
Host: 10.209.116.214
Content-Type: application/json
Authorization: Basic YWRtaW46ZGFuYTEyMw==
{
"realm": "adminrealm"
}
RESPONSE
HTTP/1.1 200 OK
content-type →application/json
{
"api_key": "NjQzOGU0N2I5MDUyMWZhZWM0NmZiMTMxY2U3M2YyM2Q="
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
12
Authorization header for all future requests should perform Basic Auth using above api_key value as username and
password as empty.
REQUEST
GET /api/v1/configuration HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
cDVtTWxjN1JRdTgxUjJOdnNzTENDWmhQMDVrZjBOMk9ORmVZZUxYWDZhVT06
RESPONSE
HTTP/1.1 200 OK
Content-Length →283
Content-Type →application/json
{
"administrators":
{ "href": "/api/v1/configuration/administrators" }
,
"authentication":
{ "href": "/api/v1/configuration/authentication" }
,
"system":
{ "href": "/api/v1/configuration/system" }
,
"users":
{ "href": "/api/v1/configuration/users" }
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
13
Sample GET/POST/PUT/DELETE Request and Responses in PCS
Below is a sample of GET/POST/PUT/DELETE request and responses:
GET API Call: Fetch the Specific User under Local Authentication Server
REQUEST
GET /api/v1/configuration/authentication/auth-servers/auth-server/Sys-
Local/local/users/user/user0001 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
cDkvaDg1eXRFbWtEenZrR1NtUTR6NzdwNllhN2FMSUM0MnZoMEY5Q0dhUT06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 309
Content-Type: application/json
{
"change-password-at-signin": "false",
"console-access": "false",
"enabled": "true",
"fullname": "user0001",
"one-time-use": "false",
"password-encrypted":
"3u+UR6n8AgABAAAATjgR31G4neKag2hxI+wjaNsRRZGD6wMQVkLEQv+DPQZdUrQi5IWPuihJ
f8tnrsBV0XCQly6WgZ79Jv1fyzmssg==",
"username": "user0001"
}
Equivalent Curl Command
COMMAND
curl -i -u p9/h85ytEmkDzvkGSmQ4z77p6Ya7aLIC42vh0F9CGaQ=: -X GET
https://<hostname>/api/v1/configuration/authentication/auth-servers/auth-
server/System%20Local/local/users/user/user0001
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 303
{
"change-password-at-signin": "false",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
14
"console-access": "false",
"enabled": "true",
"fullname": "user0001",
"one-time-use": "false",
"password-encrypted":
"3u+UR6n8AgABAAAAOrKwtwwYUZlizIhEaq54tt550UA39gKEP8AQ7sjr/WTdtPLf36
mpsI5zGWpORVRjEIFAzVOvmxwgXVLBEJnIRQ==",
"username": "user0001"
}
POST API Call: Create User for Existing Local Authentication Server
REQUEST
POST /api/v1/configuration/authentication/auth-servers/auth-server/Sys-
Local/local/users/user HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
cDkvaDg1eXRFbWtEenZrR1NtUTR6NzdwNllhN2FMSUM0MnZoMEY5Q0dhUT06
Content-Type: application/json
{
"change-password-at-signin": "false",
"console-access": "false",
"enabled": "true",
"fullname": "user0001",
"one-time-use": "false",
"password-encrypted":
"3u+UR6n8AgABAAAATjgR31G4neKag2hxI+wjaNsRRZGD6wMQVkLEQv+DPQZdUrQi5IWPuihJ
f8tnrsBV0XCQly6WgZ79Jv1fyzmssg==",
"username": "user0001"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
15
}
]
}
}
Equivalent Curl Command
COMMAND
curl -i -u hv5uaqOWF5kuISVnUiGEabOL8fsczsK98zVwpHYWgKE=: -X POST
https://<hostname>/api/v1/configuration/authentication/auth-servers/auth-
server/System%20Local/local/users/user -H 'Content-Type:
application/json' -d '{"change-password-at-signin": "false", "console-
access": "false", "enabled": "true", "fullname": "user0001", "one-time-
use": "false", "password-cleartext": "abc123", "username": "user0002"}'
RESPONSE
HTTP/1.1 201 CREATED
Content-Type: application/json
Content-Length: 128
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
}
}
PUT API Call: Update Full name field of Specific user
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-server/Sys-
Local/local/users/user/user0001/fullname HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
cDkvaDg1eXRFbWtEenZrR1NtUTR6NzdwNllhN2FMSUM0MnZoMEY5Q0dhUT06
Content-Type: application/json
Cache-Control: no-cache
{
"fullname":"REST API test for user0001"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
16
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
}
]
}
}
Equivalent Curl Command
COMMAND
curl -i -u hv5uaqOWF5kuISVnUiGEabOL8fsczsK98zVwpHYWgKE=: -X PUT
https://<hostname>/api/v1/configuration/authentication/auth-servers/auth-
server/System%20Local/local/users/user/user0001/fullname -H 'Content-
Type: application/json' -d '{"fullname": "user0001"}'
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 124
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
17
After updating, fetch the User details and observe the fullname field updated:
REQUEST
GET /api/v1/configuration/authentication/auth-servers/auth-server/Sys-
Local/local/users/user/user0001 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
cDkvaDg1eXRFbWtEenZrR1NtUTR6NzdwNllhN2FMSUM0MnZoMEY5Q0dhUT06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length →327
Content-Type →application/json
{
"change-password-at-signin": "false",
"console-access": "false",
"enabled": "true",
"fullname": "REST API test for user0001",
"one-time-use": "false",
"password-encrypted":
"3u+UR6n8AgABAAAATjgR31G4neKag2hxI+wjaNsRRZGD6wMQVkLEQv+DPQZdUrQi5IWPuihJ
f8tnrsBV0XCQly6WgZ79Jv1fyzmssg==",
"username": "user0001"
}
DELETE API Call: DELETE Specific User
REQUEST
DELETE /api/v1/configuration/authentication/auth-servers/auth-server/Sys-
Local/local/users/user/user0001 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
cDkvaDg1eXRFbWtEenZrR1NtUTR6NzdwNllhN2FMSUM0MnZoMEY5Q0dhUT06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length →122
Content-Type →application/json
{
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
18
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
}
]
}
}
Equivalent Curl Command
COMMAND
curl -i -u hv5uaqOWF5kuISVnUiGEabOL8fsczsK98zVwpHYWgKE=: -X DELETE
https://<hostname>/api/v1/configuration/authentication/auth-servers/auth-
server/System%20Local/local/users/user/user0002/
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Type: application/json
Content-Length: 0
After deleting, try to fetch the resource and you would observe 404 response.
REQUEST
GET /api/v1/configuration/authentication/auth-servers/auth-
server/Sys-Local/local/users/user/user0001 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
cDkvaDg1eXRFbWtEenZrR1NtUTR6NzdwNllhN2FMSUM0MnZoMEY5Q0dhUT06
Content-Type: application/json
Cache-Control: no-cache
RESPONSE
404 NOT FOUND
Content-Length: 105
Content-Type: application/json
{
"result": {
"errors": [
{
"message": "Resource does not exist."
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
19
}
]
}
}
Representing Configuration Resources Using Links
When performing a GET request on a configuration resource, the json response may have "href" attributes to
represent smaller resources within.
As an example, "GET /api/v1/configuration" returns:
{
"users": {
"href": "/api/v1/configuration/users"
},
"system": {
"href": "/api/v1/configuration/system"
},
"authentication": {
"href": "/api/v1/configuration/authentication"
},
"administrators": {
"href": "/api/v1/configuration/administrators"
}
}
The href values can be used to access smaller resources.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
20
Sample GET/POST/PUT/DELETE Request and Responses in PPS
Below is a sample of GET/POST/PUT/DELETE request and responses:
GET API Call: Fetch the Details under Endpoint Policy
This example shows how to fetch the details under endpoint policy in PPS.
REQUEST
GET /api/v1/configuration/uac HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"admissionControl": {
"href": "/api/v1/configuration/uac/admissionControl"
},
"host-enforcer": {
"href": "/api/v1/configuration/uac/host-enforcer"
},
"infranet-enforcer": {
"href": "/api/v1/configuration/uac/infranet-enforcer"
},
"mac-address-realms": {
"href": "/api/v1/configuration/uac/mac-address-realms"
},
"network-access": {
"href": "/api/v1/configuration/uac/network-access"
},
"snmpEnforcement": {
"href": "/api/v1/configuration/uac/snmpEnforcement"
}
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 340
Content-Type: application/json
Equivalent Curl Command
COMMAND
curl -i -u g4dncT4699c+IWip/+8urgXM0Luy1vQdj9zNxEFWEbM=: -X GET
https://<hostname>/api/v1/configuration/uac
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
21
Content-Length: 620
{
"admissionControl": {
"href": "/api/v1/configuration/uac/admissionControl"
},
"host-enforcer": {
"href": "/api/v1/configuration/uac/host-enforcer"
},
"infranet-enforcer": {
"href": "/api/v1/configuration/uac/infranet-enforcer"
},
"mac-address-realms": {
"href": "/api/v1/configuration/uac/mac-address-realms"
},
"network-access": {
"href": "/api/v1/configuration/uac/network-access"
},
"networkDeviceAdministration": {
"href": "/api/v1/configuration/uac/networkDeviceAdministration"
},
"snmpEnforcement": {
"href": "/api/v1/configuration/uac/snmpEnforcement"
}
POST API Call: Create an SRX Enforcer in Infranet Enforcer Connection
This example shows how to create an SRX Enforcer in Infranet Enforcer connection.
REQUEST
POST /api/v1/configuration/uac/infranet-enforcer/connections/infranet-
enforcer/ HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"idp-for-local-sessions-only": "true",
"junos": {
"location-group": "- No 802.1X -",
"password-encrypted":
"3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="
},
"name": "SRX",
"serial-number": [
"SJFIOQJI4KNM"
],
"severity-filter": "medium",
"use-idp": "false"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
22
}
RESPONSE
HTTP/1.1 201 OK
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or
error!"
}
]
}
}
Equivalent Curl Command
COMMAND
curl -i -u g4dncT4699c+IWip/+8urgXM0Luy1vQdj9zNxEFWEbM=: -X POST
https://<hostname>/api/v1/configuration/uac/infranet-
enforcer/connections/infranet-enforcer -H 'Content-Type:
application/json' -d '{"idp-for-local-sessions-only": "true", "junos": {
"location-group": "- No 802.1X -", "password-
encrypted":"3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="
},"name": "SRX","serial-number": ["SJFIOQJI4KNM"],"severity-filter":
"medium", "use-idp": "false"}'
RESPONSE
HTTP/1.1 201 CREATED
Content-Type: application/json
Content-Length: 124
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
23
PUT API Call: Update Existing Configuration Where In Initial Location Group is Configured as
Guest
This example updates the existing configuration where in the initial Location Group is configured as "Guest" and
then later updated to "Default" Location group.
Before Updating the Location Group
REQUEST
GET api/v1/configuration/uac/network-access/radius-clients/radius-
client/Radius%20Client HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"location-group": "Guest",
"name": "Radius Client",
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 122
Content-Type: application/json
Equivalent Curl Command
COMMAND
curl -i -u g4dncT4699c+IWip/+8urgXM0Luy1vQdj9zNxEFWEbM=: -X PUT
https://<hostname>/api/v1/configuration/uac/network-access/radius-
clients/radius-client/Radius%20Client -H 'Content-Type: application/json'
-d '{"location-group": "Default","name": “Radius Client”}’
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 124
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
24
After Updating the Location Group
REQUEST
PUT api/v1/configuration/uac/network-access/radius-clients/radius-
client/Radius%20Client HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"location-group": "Default",
"name": "Radius Client",
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or
error!"
}
]
}
}
DELETE API Call: Delete an SNMP Device
This example shows how to delete SNMP device from PPS.
REQUEST
DELETE api/v1/configuration/uac/snmpEnforcement/clients/client/ruckus
HTTP/1.1
Host 10.96.73.37
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
25
Equivalent Curl Command
COMMAND
curl -I -u g4dncT4699c+IWip/+8urgXM0Luy1vQdj9zNxEFWEbM=: -X DELETE
https://<hostname>/api/v1/configuration/uac/snmpEnforcement/clients/clien
t/ruckus
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Type: application/json
Content-Length: 0
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
26
PCS/PPS Configurations Using REST APIs
•
Getting Active Sessions
•
Getting Particular Active Session Details
•
Deleting a Particular Active Session
•
Deleting All Active Sessions
•
Querying Set of Leased Licenses in the License Server System
•
Pulling State from a License Server on a License Client
•
Configuring Certificates based on CSR Workflow
•
Creating a CSR for a Device Certificate
•
Deleting Device Certificate by Its Subject Name
•
Getting System Information
•
Retrieving Serial Number and Machine ID
•
Realm-based Administrator User Using Administrator Local Authentication Server
•
Realm-based Administrator User Using AD Authentication Server
•
Realm-based Administrator User Using LDAP Authentication Server
•
Realm-based Administrator User Using Radius Authentication Server
•
Realm-based Administrator User from a Particular Source IP
•
Realm-based Administrator Authorization Role Mapping to .Administrator Role
•
Specifying Session Validity for REST Admin Session
•
Getting Active Directory Search Groups
•
Adding Search Group to Active Directory
•
Updating Active Directory Group
•
Deleting Active Directory Groups
•
Getting All LDAP Group List
•
Adding Groups to LDAP
•
Updating LDAP Source Group
•
Deleting LDAP Source Group
•
Creating a Cluster
•
Adding a Member to Cluster
•
Getting Cluster Status
•
Deleting Cluster Member
•
Getting Health Check Status
•
Joining a Cluster
•
VIP Failover
•
Configuring IF MAP Server
•
Configuring IF MAP Client
•
Configuring No IF MAP Server
•
Getting Config Without Pulse Packages (ESAP and Pulse Client Packages)
•
Backing Up Binary Configuration
•
Restoring Binary Configuration (import=normal)
•
Restoring Binary Configuration (import=full)
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
27
Getting Active Sessions
REQUEST
GET /api/v1/system/active-users HTTP/1.1
Host: 10.209.114.225
Authorization: Basic
QXNzN1FMN3VYdTJlaHpMZTF5QjRBQTdoMllNa3Q0NXRkc2dHc0hoNzU3Yz06
Content-Type: application/json
RESPONSE
Content-Type: application/json
{
"active-users": {
"active-user-records": {
"active-user-record": [
{
"active-user-name": "user1",
"agent-type": "Windows 8.1 Google Chrome",
"authentication-realm": "localrealm",
"endpoint-security-status": "Not Applicable\nPassed
Policies: \nFailed Policies: \nEliminated Roles: ",
"events": 0,
"login-node": "localhost2",
"network-connect-ip": null,
"network-connect-transport-mode": null,
"session-id":
"sidb03b1e971b7ebe163bb70c966a8ae2b50767aae300000000",
"pulse-client-version": "9.1.4.1316",
"user-roles": "localrealm",
"user-sign-in-time": "2018/08/23 11:45:40"
},
{
"active-user-name": "user2",
"agent-type": "Windows 7 Google Chrome",
"authentication-realm": "localrealm",
"endpoint-security-status": "Not Applicable\nPassed
Policies: \nFailed Policies: \nEliminated Roles: ",
"events": 0,
"login-node": "localhost2",
"network-connect-ip": null,
"network-connect-transport-mode": null,
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
28
"session-id":
"sid68377b6249d24784edfdd07edfe61ee9934b556100000000",
"user-roles": "localrealm",
"user-sign-in-time": "2018/08/23 11:46:15"
}
]
},
"total-matched-record-number": 2,
"total-returned-record-number": 2,
"user-login-permission": true
}
}
Getting Particular Active Session Details
REQUEST
GET /api/v1/system/active-users?name=user2 HTTP/1.1
Host: 10.209.114.225
Authorization: Basic
QXNzN1FMN3VYdTJlaHpMZTF5QjRBQTdoMllNa3Q0NXRkc2dHc0hoNzU3Yz06
Content-Type: application/json
RESPONSE
Content-Type: application/json
{
"active-users": {
"active-user-records": {
"active-user-record": [
{
"active-user-name": "user2",
"agent-type": "Windows 7 Google Chrome",
"authentication-realm": "localrealm",
"endpoint-security-status": "Not Applicable\nPassed
Policies: \nFailed Policies: \nEliminated Roles: ",
"events": 0,
"login-node": "localhost2",
"network-connect-ip": null,
"network-connect-transport-mode": null,
"session-id":
"sid68377b6249d24784edfdd07edfe61ee9934b556100000000",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
29
"user-roles": "localrealm",
"user-sign-in-time": "2018/08/23 11:46:15"
}
]
},
"total-matched-record-number": 1,
"total-returned-record-number": 1,
"user-login-permission": true
}
}
Deleting a Particular Active Session
REQUEST
DELETE /api/v1/system/active-
users/session/sid68377b6249d24784edfdd07edfe61ee9934b556100000000 HTTP/1.1
Host: 10.209.114.225
Authorization: Basic
QXNzN1FMN3VYdTJlaHpMZTF5QjRBQTdoMllNa3Q0NXRkc2dHc0hoNzU3Yz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Deleting All Active Sessions
REQUEST
DELETE /api/v1/system/active-users?all HTTP/1.1
Host: 10.209.114.225
Authorization: Basic
QXNzN1FMN3VYdTJlaHpMZTF5QjRBQTdoMllNa3Q0NXRkc2dHc0hoNzU3Yz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
30
Querying Set of Leased Licenses in the License Server System
REQUEST
GET /api/v1/license/license-server-lease-information HTTP/1.1
Host: 10.209.114.226
Authorization: Basic
c2czWUJmc1lyUjcwN2daSFh6RHdqME1YSnNhdDZmcXlaOVZKNFNSdStaZz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 2210
Content-Type: application/json
{
"leased-license-counts": {
"features": {
"feature": [
{
"clients": {
"client-info": [
{
"leased-count": 0,
"name": "client1"
}
]
},
"name": "Advanced Mobile License - Onboarding",
"total-count": 0
},
{
"clients": {
"client-info": [
{
"leased-count": 0,
"name": "client1"
}
]
},
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
31
"name": "Cloud Secure feature",
"total-count": 0
},
{
"clients": {
"client-info": [
{
"leased-count": 0,
"name": "client1"
}
]
},
"name": "Concurrent Meeting Users",
"total-count": 0
},
{
"clients": {
"client-info": [
{
"leased-count": 200,
"name": "client1"
},
{
"leased-count": 0,
"name": "client2"
}
]
},
"name": "Concurrent Users",
"total-count": 200
},
{
"clients": {
"client-info": [
{
"leased-count": 0,
"name": "client1"
}
]
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
32
},
"name": "Named Users",
"total-count": 0
},
{
"clients": {
"client-info": [
{
"leased-count": 0,
"name": "client1"
}
]
},
"name": "Premier Java Remote Desktop Applet",
"total-count": 0
}
]
},
"machine-id": "VASPMVKIT1NJNFPPS",
"query-summary": {},
"release-info": {
"build-number": "10124",
"version": "9.0"
},
"serial-number": null,
"signature":
"HMx/W0VhDAABAAAApoB/uSUYcwJSlk7HeXVMXK6+KsIPTrJnjXrUci
JEef2EKWyqgbDGoXhzYaGDl6Ye29oOw2KRQlyCM/HRpIpujA==",
"time-stamp": "Fri Aug 24 14:43:00 2018"
}
}
Pulling State from a License Server on a License Client
REQUEST
PUT /api/v1/license/license-client-lease-state HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
OWZBcVNKUkRCcEdjSEVQY3A0aDZ2UnFwdjhXbExIYzUxRS91TVU1VnBnMD06
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
33
Content-Type: application/json
{
}
Note: While using above URL (i.e., license-client-lease-state) by PUT
operation, we provide empty JSON body as input, because PUT operation
expects JSON body.
RESPONSE
HTTP/1.1 200 OK
Content-Length: 86
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Success"
}
]
}
}
Configuring Certificates based on CSR Workflow
REQUEST
POST /api/v1/system/certificates/device-certificates HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
aWZuM2VmZVZTRU9YNVZkVVZ3eFpiYWdob3VCTndxZEkyaExubUcyVU5ibz06
Content-Type: application/json
{
"cert" :"MIINzgIBAzCCDYoGCSqGSIb3DQEHAaCCDXsEgg13MIINczCCBg
QGCSqGSIb3DQEHAaCCBfUEggXxMIIF7TCCBekGCyqGSIb
3DQEMCgECoIIE9jCCBPIwHAYKKoZIhvcNAQwBAzAOBAjp
YgwUOJOweAICB9AEggTQFjak4T3ftSlkdoiOtc/xvh
Sfrrkezsl09tN6tqyuVYWFQUZkpUIg4v2pU1zOvFOTPplno
VCmeiL2HX7OzuLPALcnSvGmaq61I+Y5dBWMmXMo+bs8s
U36p6YS4D9Bq3VIMecAHwzc/30hPf
+gaaoYSQiMuLa34CnNeFxPfxMlH0sXi1QeqaLAtMno5AMQW
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
34
1/nHSAyJPwa5OWrJ5mkfHKh4kog893diYwo1mlIqlp7Qseza
4+uosWAthih/jac1iDmlb03kjR+OQAukXFQ19ejvyrmMhcjhoz
ARqwMgEj6I+JpdJPUxvwVytQ20Nj4lNDRnAb5sp1oAi0u5aN
49afY6kRjNuKUeUkEmrpmumNJJufkDkKx1eqYOBOqQ50K1w
9qFhEOaOLivGQa1IjzNyc+Bbs2TMw8RJWDsA7TVJhQKBcVjt
IOSFzsVjyWJeI9VzB+iUbi
+XCHYRQP0W6el6HWg2b31iNhMID5Lt2GWQOzT6iUVNls
ZFoofyfXsZBY0JC6nsbvZVMRNBGXE2fEFA/qIga8Gn5E
9zcIqibnXXW0jAOa+m3d+KRR49XaoAjgzpJ3ErqLVz1l/nGTix
9W3H4mSHd9xX43h6Pbz0tGmu6l9nnWP/52y6/TMQQB
5v0RHe0klj+uX00ZuezmmeYEapX+SObQrMqmnvTgWApf
7FzulcvAIHomQ184MJzarNnhOpO1AQGESaa6tABtk
2Yzpbm+g5SAgnjwxH0IjeF/kwapQttIYc1TM3qQ9EsPKqbpaQna
4qETIRLI3R6GVNTBnG/g9M9MQh2MtnvonSOlpjDs+Tt
LoO+BtY
9J2XSMK0wtXyONb67xjTRRsC1u1fAvP4RdyHpmM
4JO3+VW1F4n8Vzl+RYrRj0sKja/jHm1ElZvhxJHbwEMFDSv
FIqAVfQGQKy1iJWSjalNeO2TEPVJOf2o+TofnYDq4hk0t
ABVdWLRfmn3byi91+xioIOLputEGG8Zto
AdlPkag/lKBnWa37z3eHnfQC9qWU8dcONBQo/HFxupj
482jQa7lUg3fp7apM4CuDQEgJWYNS4/Z+5+zEqq9q+/w
9ke5Y/a/5ukeP9HRS3xpeEe56qb98qPx3dXSSDgXtD1L
6r48Dl+4ISYmLEl0yFwXtJ3vuYk5NiUjmZsuI1tnLQoxim5z6NUZ
5/7G04mG/BzAX3qT74MlRzVDa7uZdJPyJLyTGUtidn
562HvYnrGtO9P+08OH6c2Dp4eOgNQCrhPP51ZHd9VNo0nyqt
ZmZ0E4oHN4G7ud+6fwIvaSF9gpw1iTWAF5122dr1llAe3ZFPs
5bzv7jrfY7LGuTh+l003MshmtYZAiw8nM1ODm4HstQsSx
HWVb+WK4uiorvhq2cplJ
+71rGQI/kCM8hdZJOUYzsrnQXQUn/rS1O0w9VAP88SG9mJi
QynoX4+BKYtnn4XE4D3tEFUygD2RmG2GdeGBjOeHh/Ke
MrXk2z9oLEn7CaDeZQCp/7wGdDLfb/nAkmyiO6DWkPZzDAz
GdSDd0gRTkY4LdtyjPTkeADN
+wXvjh6tutjgWgHEHI3xnvMan1/rzZV80SGpbqWFEcLCk1
58YuprYqVRN2CmJCILoVbUaay6Vq9jaHkIkT3lxzU
6UkNTKxqo3Rhad9StfxCRqlrYxgd8wEwYJKoZIhvc
NAQkVMQYEBAEAAAAwXQYJKoZIhvcNAQkUMVAeTgBs
AGUALQA2AGMANQA0AGUAMABjADQALQAyAGYANQBkAC0ANABj
AGYAMAAtAGEAYwBiAGUALQBhADAAYgBjAGUAZgA4AGIAYg
A4AGEAMzBpBgkrBgEEAYI3EQExXB5aAE0AaQBjAHIAbwBzAG
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
35
8AZgB0ACAAUgBTAEEAIABTAEMAaABhAG4AbgBlAGw
AIABDAHIAeQBwAHQAbwBnAHIAYQBwAGgAaQBjACAAUAByAG
8AdgBpAGQAZQByMIIHZwYJKoZIhvcNAQcGoIIHWDCCB
1QCAQAwggdNBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQw
BBjAOBAgQOOB7+SpClQICB9CAggcgKOhImrEmUqPOG
8XR59tFV0HOdvnlfzxI7aM6PnAgwPiMSxa6e69kZ/DCeY
5V5XZkfW+nYAZvgGuZw26oLgVz14T/j0Z3kYTKcn1Mx
+gvj5coadwfR21HirvwyndeXKJ6w1Yh4omK/x4891AFgv
KizeeOewczIGmWCqQh81HUgiR8aAfLU2neKxcLoGOfhQnN
5k/SSKsBTuUBQ80zGiXh+48xS4CTzE8vEyDXyQqE09sqxoDt
WTw7U5cV8qXwpgy+FSb4c/Y/RCggTqmCL+NwSMCvhEGf
KSq9ZwJvniEpsQ1mHzK/e4ZRQH/C
+eNCccV/6zR5onNbZ0fpVTGDCCG0Z9705zzGur5z83CGy
53fcHS2fdoQP6kqps7VeKbym2NBBT6tx9ZD4Ue988EQwk
M0dw/7/9resv6VnL+T9prJJq7pEPKyl8ocTSTPbINsSJ
8f6z+R01/cxOnpyZ3pe2kWneC0xVUeTCsfip5DEbOfga
Cy4omJstlx57Z5GQrVfsO1V21NjY6i0Ev7e2AGyn
+Kq2ZcrTBzijQpoA0djljaFodkBVPwROkXCEjScfV/YjURTSgVcv
1F1k/OyVf3EDcTXzjtOEuvkLrYsBANzAtcchE7tMlJdVlDv
4lA5nudd1plgQkwp911LOM5AieKMGuaSFLCq0RNTho
61AFTeEOCgK1uDoRtac
+TtgzrAyQGpUwQ/j/CFzy2yhQzSg2+nOFDA4D2I2Bw
3SyMVAw45NtPPYnoplY9j0iRPfSOUzbHqULI8PvRyICY
3EhIv7MVzG812TMD1WOvZzaNonSB4plj+rq+aL6YHl5O3/AQ
5v/n3b/ebrKDSSTYROC1nVfxxwF+nLTMeCPumAfb8JWd
AmOvsUmyd8j8b6CgE2fMsR6yzZMmTcdispYe1r
+at4hd7v57K2JKcTKffS23zU9QZ6w30+soSr4dKhXVKo
Fny8pGZkgA5Dd5ksytKJgKJHM5Z6yRij8cc0WwPrqK
9jZvFxq0+t8rAFUA1QRbM6nnwF4g6z2vMdEtUYtn
NXIZIWe5E6YJ1mxzn26dFAt2AnM8MelPSNVaxVqho
CZAZOdRmhYXg4uT
+4rMazBXJ7txtCNsQd/sW4WpOp9jzRoANfhxK2uKkfRS
62216u6hCoVCMj5D7UjB/4S80NZIwa67cikY/89t4v
EZbwvS0dLQ2CMiQVeeUFTo4Hq32RaVRPhIJql0MH/fy
MIvSfqEoMUnY/D/26rKnivVp9XZdyd2ZKMV5nNFtbw
C6UhhQ76PwKRg5GsOuDjUxHzy0DXIgTcSuZWUeu
DNM0iyVZ2LVCRPyTWAiur0nepcn1nVcehlxddqGSu
1AWSqmOODMmwymtm6mDKAvLnN8qjpL742bTIHkmxt
UvoNxrgT4i+0jwGWlGNy6sx3JAXIYZv85xt+cV5KDvm
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
36
F822w6CtUs5l8lWvBdAC6WD
+wmnQzGsqvSbj9jLLKFxOtLYs863dDDtENdZIytrCKjEKNlo
Y8X0flN1fczguZ8ssBa6XWQ4hjgwanpjBsvReJZcWogUFq
YuXtZUB/mIUSZyNSIFwCO4cWa4vqE4P1Pjl56jnIdpqwgqalj
HTm7WsCEIbgdBfyJp75/vJR/A4PAJcsZmFfIayNwM/zePFh
Zp0UdxrnoptZfsF4XspgZEPbHyxmfQG7f8sfAQq0iQlH0kpa
BD3VuTrudgOfFbVfrjim8UXUNhKpYSgy3GWeHXadrOHs
OZ0Yj0a/AY5Wwny7RJAZO00UCMLGRVFxYjj9RQvCPphej
NVmhLNqlT3dqEczH3TptR4xILuoXC6sQkViBhV
7dEp0nVzA6jUzCGOnYmCWi7/N6+bD1XHC6dg
76igIUHHiJz0jqHfIoxqAak+72Iv706QtVMyI+Cpe
4FLRqhoNUJpHAT7+5EOq2WqWXB+KXk5/Wh
7/CIo6pZsAuEAU0elDDz/mex2oUfigYvtywFPBo0f
WzTqkWvP7Pl8E5wudKl9Q+JYoNZVaapChTDJF
9/OoVE1g0rrQ5nxzKQRrTbtekZSJ5j66p107ux2R+Q
7MpRsmwT8ERgW8CexPHOAIKAWSBpWaT6ogh
1MletHIK++ShXSIRa3NbDjrwkU8q0E9wlCUyAfXnQv
4pTQaGHadF/j2F2foMBAW2Jgh1KP9UgB54K+KLRjoIFc
EUqqh+j42bh2/c0jAppJtWNgn2jFQzuK2I3E0MVVNOEPJm
EvpDXM1DZZhFNxeL8D
+LfMn1B4zNTdngE0arUOspr72Rm0Rx43OcU0w/nkL6DckhvIZdco
4PSLLXJeBW/fBc2Ws04/qxEKwreGwCr3fM17X4HZtCRJOsVj0Bg
6JAp3f30Os55bjQanFubM9YFZrC6rGnKshyiUIFutMPwzbuI
WCWQP29TnlSJWk91C0jb2oy6/2O9o7U78grLvGllSyynqehN
8TLxP9MDswHzAHBgUrDgMCGgQU9XDxDBt/loGEHzU/DE
0xAa6823YEFFmEIfAiPtILVXcDNuDn0rU1xc24AgIH0A==",
"password": "juniper",
"internal-interfaces": { },
"external-interfaces": { },
"management-interface": true
}
RESPONSE
HTTP/1.1 201 OK
Content-Length: 112
Content-Type: application/json
{
"result": {
"info": [
{
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
37
"message": "Operation successfully completed."
}
]
}
}
Creating a CSR for a Device Certificate
REQUEST
POST /api/v1/system/certificates/device-certificate-csrs HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
aWZuM2VmZVZTRU9YNVZkVVZ3eFpiYWdob3VCTndxZEkyaExubUcyVU5ibz06
Content-Type: application/json
{
"subject-common-name": "QA.pcs.company.com",
"key-type": "ECDSA",
"ecc-curve": "P-384"
}
RESPONSE
HTTP/1.1 201 OK
Content-Length: 266
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Created CSR 'CSR_164' successfully"
},
{
"message": "Use POST
/api/v1/system/certificates/device-certificate-
csrs/CSR_164/certificate to upload the signed certificate"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
38
Deleting Device Certificate by Its Subject Name
REQUEST
DELETE /api/v1/system/certificates/device-
certificates/srikrsa.test.saqacertserv.com HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
aWZuM2VmZVZTRU9YNVZkVVZ3eFpiYWdob3VCTndxZEkyaExubUcyVU5ibz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Getting System Information
REQUEST
GET /api/v1/system/system-information HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
aWZuM2VmZVZTRU9YNVZkVVZ3eFpiYWdob3VCTndxZEkyaExubUcyVU5ibz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 193
Content-Type: application/json
{
"rollback-partition-information": {
"build": "2330",
"os-name": "ive-sa",
"os-version": "9.1R2"
},
"software-inventory": {
"software": {
"build": "4520",
"name": "IVE-OS",
"type": "operating-system",
"version": "9.1R4"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
39
}
},
"system-information": {
"hardware-model": "PSA5000-V",
"host-name": "localhost2",
"os-name": "ive-sa",
"os-version": "9.1R4",
"serial-number": "VASPHJPEG824R1U0S"
}
}
Retrieving Serial Number and Machine ID
REQUEST
GET /api/v1/system/system-information HTTP/1.1
Host: 10.96.116.30
Authorization: Basic
czM3MzVDTFVYbnFObFR5NHdNSTFES3piSDhrMTVwR0pLV2gwOTlMYmxhYz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 193
Content-Type: application/json
{
"rollback-partition-information": {
"build": "5801",
"os-name": "ive-sa",
"os-version": "9.1R6"
},
"software-inventory": {
"software": {
"build": "6087",
"name": "IVE-OS",
"type": "operating-system",
"version": "9.1R7"
}
},
"system-information": {
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
40
"cluster-node": {},
"hardware-model": "PSA-3000",
"host-name": "node1",
"machine-id": "0312MB24A0EZ504VS",
"os-name": "ive-sa",
"os-version": "9.1R7",
"serial-number": "0312022017100103"
}
}
Realm-based Administrator User Using Administrator Local Authentication Server
REQUEST
POST /api/v1/realm_auth HTTP/1.1
Host: 10.209.114.228
Authorization: Basic YWRtaW4xOmRhbmExMjM=
Content-Type: application/json
{
“realm”: “<realm-name>”
}
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"api_key": "MjUwOGQyNzAyOWU3MWQ2MzNiMTM2Njg2MzAwNDg3MjU="
}
Realm-based Administrator User Using AD Authentication Server
REQUEST
POST /api/v1/realm_auth HTTP/1.1
Host: 10.209.114.228
Authorization: Basic bmF6ZWVyOlBzZWN1cmUxMjMk
Content-Type: application/json
{
"realm": "AdminADRealm"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
41
}
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"api_key": "ODRjOTcxOTY5ZTlmYTcwY2QwYzk1ZDBjMWQ5N2RmN2Q="
}
Realm-based Administrator User Using LDAP Authentication Server
REQUEST
POST /api/v1/realm_auth HTTP/1.1
Host: 10.209.114.228
Authorization: Basic bmF6ZWVyOlBzZWN1cmUxMjMk
Content-Type: application/json
{
"realm": "LDAPRealm"
}
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"api_key": "ZTQxNTIxOTJhNmUwMjg3MWI5MjZkYmE1MGM0MzdiMDI="
}
Realm-based Administrator User Using Radius Authentication Server
REQUEST
POST /api/v1/realm_auth HTTP/1.1
Host: 10.209.114.225
Authorization: Basic amFjazpqdW5pcGVy
Content-Type: application/json
{
"realm": "RadiusAdminRealm"
}
RESPONSE
HTTP/1.1 200 OK
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
42
Content-Type: application/json
{
"api_key": "MGMzZjJkZDZlYmRlYzg0MDE5NzkwYzE1ZGM5MmQyYTQ="
}
Realm-based Administrator User from a Particular Source IP
REQUEST
PUT /api/v1/configuration/administrators/admin-
realms/realm/AdminLocalAuthRealm/authentication-policy/source-
ip/customized HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
T1dFM056VTBPVEl5T0dFeU16WXpOakU0WVRFek9EWXhOamRoTVdVNFpqYz06
Content-Type: application/json
{
"customized": "selected-ip"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type →application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
REQUEST
POST /api/v1/configuration/administrators/admin-
realms/realm/AdminLocalAuthRealm/authentication-policy/source-
ip/ips/ip HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
T1dFM056VTBPVEl5T0dFeU16WXpOakU0WVRFek9EWXhOamRoTVdVNFpqYz06
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
43
{
"access": "allow",
"address": "10.96.158.3",
"netmask": "255.255.255.255"
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 124
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Realm-based Administrator Authorization Role Mapping to .Administrator Role
REQUEST
PUT /api/v1/configuration/administrators/admin-
realms/realm/AdminADRealm/role-mapping-rules HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
TldVNFl6TmtOVEZqTkRFek1EUXdPVGRoTlRrMk9UWTBaR0l3TkRnM1ptST06
Content-Type: application/json
{
"user-selects-role": "false",
"rule": [
{
"roles": [
".Administrators"
],
"stop-rules-processing": "true",
"group": {
"group-names": [
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
44
"PCS-QA/systems"
]
},
"name": "AdminADRoleMapping"
}
],
"user-selects-roleset": "false"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Specifying Session Validity for REST Admin Session
REQUEST
PUT /api/v1/configuration/administrators/admin-roles/admin-
role/%2EAdministrators/general/session-options HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
TldVNFl6TmtOVEZqTkRFek1EUXdPVGRoTlRrMk9UWTBaR0l3TkRnM1ptST06
Content-Type: application/json
{
"idle-timeout": "5"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
45
{
"result": {
"info": [
{
"message": "Operation succeeded without
warning or error!"
}
]
}
}
Getting Active Directory Search Groups
REQUEST
GET /api/v1/configuration/authentication/auth-servers/auth-
server/ADServer/ad/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 294
Content-Type: application/json
{
"ad-group": [
{
"group": "PCS-QA/core",
"name": "PCS-QA/core",
"sid": "S-1-5-21-3875260349-1888520165-453808128-1112"
},
{
"group": "PCS-QA/systems",
"name": "PCS-QA/systems",
"sid": "S-1-5-21-3875260349-1888520165-453808128-1108"
}
]
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
46
Adding Search Group to Active Directory
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/ADServer/ad/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
{
"ad-group": [
{
"group": "PCS-QA/systems",
"name": "PCS-QA/systems"
},
{
"group": "PCS-QA/core",
"name": "PCS-QA/core"
}
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
47
Updating Active Directory Group
NOTE: To update a group, first get already available list using GET operation and append new group to it before
PUT.
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/ADServer/ad/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
{
"ad-group": [
{
"group": "PCS-QA/core",
"name": "PCS-QA/core",
"sid": "S-1-5-21-3875260349-1888520165-453808128-1112"
},
{
"group": "PCS-QA/systems",
"name": "PCS-QA/systems",
"sid": "S-1-5-21-3875260349-1888520165-453808128-1108"
},
{
"group": "PCS-QA/client",
"name": "PCS-QA/client",
"sid": "S-1-5-21-3875260349-1888520165-453808128-1113"
}
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
48
}
]
}
}
Deleting Active Directory Groups
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/ADServer/ad/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
{
"ad-group": [
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Getting All LDAP Group List
REQUEST
GET /api/v1/configuration/authentication/auth-servers/auth-
server/LDAPServer/ldap/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
49
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
Adding Groups to LDAP
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/LDAPServer/ldap/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
{
"user-group": [
{
"dn": "CN=Administrators,CN=Builtin,DC=pcs-
qa,DC=blrlab,DC=net",
"group-type": "static",
"name": "Administrators"
},
{
"dn": "CN=Users,CN=Builtin,DC=pcs-qa,DC=blrlab,DC=net",
"group-type": "static",
"name": "Users"
}
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
50
}
Updating LDAP Source Group
NOTE: To update a group, first get already available list using GET operation and append new group to it and
then perform PUT operation.
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/LDAPServer/ldap/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
{
"user-group": [
{
"dn": "CN=Administrators,CN=Builtin,DC=pcs-
qa,DC=blrlab,DC=net",
"group-type": "static",
"name": "Administrators"
},
{
"dn": "CN=Users,CN=Builtin,DC=pcs-qa,DC=blrlab,DC=net",
"group-type": "static",
"name": "Users"
},
{
"dn": "CN=Guests,CN=Builtin,DC=pcs-qa,DC=blrlab,DC=net",
"group-type": "static",
"name": "Guests"
}
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{
"result": {
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
51
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Deleting LDAP Source Group
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/LDAPServer/ldap/server-catalog/groups HTTP/1.1
Host: 10.209.116.192
Authorization: Basic
RU9jaHYwdmlqVnJibDBqeE9obTlYZDVOdHhVS2FMeSttVzBqL1pKUXh6bz06
Content-Type: application/json
{
"user-group": [
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 124
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
52
Creating a Cluster
REQUEST
PUT /api/v1/cluster HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
TldVNFl6TmtOVEZqTkRFek1EUXdPVGRoTlRrMk9UWTBaR0l3TkRnM1ptST06
Content-Type: application/json
{
"cluster-name": "cluster1",
"cluster-password": "dana123",
"member-name": "nodeA",
"action": "create"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 118
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Created cluster
'cluster1' successfully"
}
]
}
}
Adding a Member to Cluster
REQUEST
POST /api/v1/cluster/members HTTP/1.1
Host: 10.209.116.214
Authorization: Basic
THI5bmxreU50UE04MWJ6OHRhbjhFMW1PYTVuV3V5MG5XN0oyNmNWcTRhbz06
Content-Type: application/json
{
"member-name" : "node225",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
53
"member-ip" : "3.209.114.225",
"member-netmask" : "255.0.0.0",
"member-gateway" : "3.0.0.1",
"member-external-ip" : "2.209.114.225",
"member-external-netmask" : "255.0.0.0",
"member-external-gateway" : "2.0.0.1"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 125
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Added member 'node225' to cluster
successfully"
}
]
}
}
Getting Cluster Status
REQUEST
GET /api/v1/cluster HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
TWN2cUEzbFRYQXcySjBSbGpKWTAzdk1oa2RiTDFLUVJDUjNNdlQ0UlRJdz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 619
Content-Type: application/json
{
"members": [
{
"enabled": true,
"external-ip": "",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
54
"external-network": "",
"internal-ip": "3.209.114.225",
"internal-netmask": "255.0.0.0",
"name": "node225",
"notes": "Enabled, Unreachable",
"status-code": "0x18"
},
{
"enabled": true,
"external-ip": "10.209.114.194",
"external-network": "255.255.240.0",
"internal-ip": "3.209.114.228",
"internal-netmask": "255.0.0.0",
"name": "nodeA",
"notes": "Leader",
"status-code": "0x19004"
}
],
"mode": "Active/Active",
"name": "cluster1"
}
{
"external-vip-ipv4": "10.204.56.76",
"external-vip-owner": "node-51-39",
"internal-vip-ipv4": "10.204.56.75",
"internal-vip-owner": "node-51-39",
"members": [
{
"enabled": true,
"external-ip": "10.204.56.82",
"external-netmask": "255.255.240.0",
"internal-ip": "10.204.51.39",
"internal-netmask": "255.255.240.0",
"name": "node-51-39",
"notes": "Leader",
"status-code": "0x1b004"
},
{
"enabled": true,
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
55
"external-ip": "10.204.56.87",
"external-netmask": "255.255.240.0",
"internal-ip": "10.204.56.88",
"internal-netmask": "255.255.240.0",
"name": "Node-something",
"notes": "Enabled, Unreachable",
"status-code": "0x18"
}
],
"mode": "Active/Passive",
"name": "TEST-CLUSTER"
}
Deleting Cluster Member
REQUEST
DELETE /api/v1/cluster/members/node225 HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
TWN2cUEzbFRYQXcySjBSbGpKWTAzdk1oa2RiTDFLUVJDUjNNdlQ0UlRJdz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 129
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Removed member 'node225'
from cluster successfully"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
56
Getting Health Check Status
REQUEST
GET /api/v1/system/healthcheck
Host: 10.209.114.228
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"message": "Security Gateway is accessible."
}
REQUEST
GET /api/v1/system/healthcheck?status=all HTTP/1.1
Host: 10.209.114.228
Content-Type: application/json
RESPONSE
Content-Type: application/json
{
"CPU-UTILIZATION4": 8,
"SSL-CONNECTION-COUNT": 0,
"MAX-LICENSED-USERS-REACHED": "NO",
"SWAP-UTILIZATION": 1,
"DISK-UTILIZATION": -1,
"USER-COUNT": 0,
"VPN-TUNNEL-COUNT": 0
}
REQUEST
GET /api/v1/system/healthcheck?status=sbr HTTP/1.1
Host: 10.209.114.228
Content-Type: application/json
RESPONSE
Content-Type: application/json
{
"SBR-AVAILABLE": 1
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
57
Joining a Cluster
REQUEST
PUT /api/v1/cluster HTTP/1.1
Host: 10.209.114.228
Authorization: Basic
SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06
Content-Type: application/json
{
"cluster-name": "cluster",
"cluster-password": "dana123",
"member-address": "3.209.114.225",
"action": "join"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 116
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Joined cluster 'cluster' successfully"
}
]
}
}
VIP Failover
REQUEST
PUT /api/v1/cluster
Host: 10.209.114.228
Authorization: Basic
SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06
Content-Type: application/json
{
"action": "vip-failover"
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
58
RESPONSE
In case of active-passive cluster:
{
"result": {
"info": [
{
"message": "VIP fail-over initiated"
}
]
}
}
In case of active-active cluster:
{
"result": {
"info": [
{
"message": "Node not part of an Active-Passive cluster.
Invalid operation."
}
]
}
}
Configuring IF MAP Server
REQUEST
PUT /api/v1/configuration/system/ifmap/overview/ifmap-config/
Host: xx.xxx.xxx.xxx
Authorization: Basic
SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06
Content-Type: application/json
{
"ifmap-config": " server "
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 116
Content-Type: application/json
{
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
59
"result": {
"info": [
{
"message": ": "Operation succeeded without warning or
error!"
}
]
}
}
Configuring IF MAP Client
REQUEST
PUT /api/v1/configuration/system/ifmap/overview/ifmap-config/
Host: xx.xxx.xxx.xxx
Authorization: Basic
SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06
Content-Type: application/json
{
"auth-type": "basic",
"cert": "None",
"ifmap-config": "client",
"password-encrypted":
"3u+UR6n8AgABAAAAe9Px2XELrbvvAZACcoOJXBM105llgG8QQLNR4hcLNrE=",
"server-url": "https://<PPS-IP-Address>/dana-ws/soap/dsifmap",
"username": "admin1"
}
{
"auth-type": "cert",
"cert": "xx.xxx.xx.xx",
"ifmap-config": "client",
"password-encrypted":
"3u+UR6n8AgABAAAAe9Px2XELrbvvAZACcoOJXBM105llgG8QQLNR4hcLNrE=",
"server-url": "https://<PPS-IP_Address>/dana-ws/soap/dsifmap",
"username": "admin1"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 116
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
60
Content-Type: application/json
{
"result": {
"info": [
{
"message": ": "Operation succeeded without warning or
error!"
}
]
}
}
Configuring No IF MAP Server
REQUEST
PUT /api/v1/configuration/system/ifmap/overview/ifmap-config/
Host: xx.xxx.xxx.xxx
Authorization: Basic
SkUyV1BaVjRjcGxleElRMnNiZXpYajE2dEVIUm9Oa05WWDdRWHh3MmpJZz06
Content-Type: application/json
{
"ifmap-config": "no-ifmap"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 116
Content-Type: application/json
{
"result": {
"info": [
{
"message": ": "Operation succeeded without warning or
error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
61
Getting Config Without Pulse Packages (ESAP and Pulse Client Packages)
REQUEST
GET /api/v1/configuration/authentication/endpoint/host-
checker/esaps?expand&&excludePulsePackages HTTP/1.1
Host: 10.209.125.139
Authorization: Basic
dS9UOURJRWswZzVyMTdieUJqVnhaQnExZUpTTW9ndCtIdGZzMnczMmlzRT06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 561
Content-Type: application/json
{
"active-version": "3.3.5",
"default-version": "3.3.5",
"esap": [
{
"esap-version": "3.3.5",
"last-activated-time": "Sun 17 Mar 2019 23:54:12
PDT",
"upload-time": "Sun 17 Mar 2019 23:53:35 PDT"
},
{
"esap-version": "3.3.6",
"last-activated-time": "Never",
"upload-time": "Mon 18 Mar 2019 21:45:31 PDT"
},
{
"esap-version": "3.3.7",
"last-activated-time": "Never",
"upload-time": "Mon 18 Mar 2019 21:46:12 PDT"
}
],
"force-same-esap": "false",
"opswat-sdk-version": "4"
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
62
Backing Up Binary Configuration
REQUEST
GET /api/v1/system/binary-configuration HTTP/1.1
Host: 10.204.51.39
Authorization: Basic
dS9UOURJRWswZzVyMTdieUJqVnhaQnExZUpTTW9ndCtIdGZzMnczMmlzRT06
RESPONSE
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 50753630
UEsDBBQAAAAIAE9VmU4J1asqz3cDAKx3AwAKABwAc3lzdGVtLmNmZ1VUCQADvUHB
XL1BwVx1eAsAAQQAAAAABAAAAAAAC4D0fwnTMa1OLV2XgACOdwMAINEfP2AuIVXV
B1FhtptLC259gyNPT7WwhtQKbp2Y2+d1h1MTflQis8wbHytXP19D+SM+amX5UKeO
GDUggxgbrEQMXmwOSv8YBrvXIBShmGO5BVqfUemvdNK3OB+S/g8+LIPG5i2c3LVm
W8hY3PLQ9CJHMrFSBFtgyTX2at85MGCsupxd2gOQQ9e138KrI2hBoywDzCJiRUSU
...
Restoring Binary Configuration (import=normal)
The import normal mode will import the binary configuration excluding the IP, network configurations and cluster
configuration. The normal mode is similar to default option in binary import.
REQUEST
PUT /api/v1/system/binary-configuration?import=normal HTTP/1.1
Or
PUT /api/v1/system/binary-configuration HTTP/1.1
Host: 10.204.51.39
Authorization: Basic
dS9UOURJRWswZzVyMTdieUJqVnhaQnExZUpTTW9ndCtIdGZzMnczMmlzRT06
Content-Type: text/html; charset=utf-8
RESPONSE
HTTP/1.1 200 OK
{
"result": {
"info": [
{
"message": "Operation successfully completed."
}
]
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
63
}
}
Error Cases:
import mode specified is incorrect (other than normal or full)
Content-Length: 100
Content-Type: application/json
{
"result": {
"errors": [
{
"message": "Invalid import mode"
}
]
}
}
Content type is not a base 64 encoded binary configuration string
Content-Length: 126
Content-Type: application/json
{
"result": {
"errors": [
{
"message": "Error - Failed to extract configuration files"
}
]
}
}
Restoring Binary Configuration (import=full)
The import full mode will import everything from the binary configuration provided in the body. This is similar to full
binary import.
REQUEST
PUT /api/v1/system/binary-configuration?import=full HTTP/1.1
Host: 10.204.51.39
Authorization: Basic
dS9UOURJRWswZzVyMTdieUJqVnhaQnExZUpTTW9ndCtIdGZzMnczMmlzRT06
Content-Type: text/html; charset=utf-8
Body data:
Base64 configuration string as received in GET request)
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
64
UEsDBBQAAAAIAE9VmU4J1asqz3cDAKx3AwAKABwAc3lzdGVtLmNmZ1VUCQADvUHB
XL1BwVx1eAsAAQQAAAAABAAAAAAAC4D0fwnTMa1OLV2XgACOdwMAINEfP2AuIVXV
B1FhtptLC259gyNPT7WwhtQKbp2Y2+d1h1MTflQis8wbHytXP19D+SM+amX5UKeO
GDUggxgbrEQMXmwOSv8YBrvXIBShmGO5BVqfUemvdNK3OB+S/g8+LIPG5i2c3LVm
……
RESPONSE
HTTP/1.1 200 OK
Content-Length: 112
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation successfully completed."
}
]
}
}
Error Cases:
import mode specified is incorrect (other than normal or full)
Content-Length: 100
Content-Type: application/json
{
"result": {
"errors": [
{
"message": "Invalid import mode"
}
]
}
}
Content type is not a base 64 encoded binary configuration string
Content-Length: 126
Content-Type: application/json
{
"result": {
"errors": [
{
"message": "Error - Failed to extract configuration files"
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
65
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
66
PCS-Specific Configurations Using REST APIs
•
Creating a VLAN
•
Deleting a VLAN
•
Creating a User Role
•
Fetching the User Login Statistics
•
Updating the User Role Settings
•
Deleting a User Role
•
Creating a User Realm
•
Deleting a User Realm
•
Creating a Resource Profile
•
Deleting a Resource Profile
•
Creating a Resource Policy
•
Fetching a Resource Policy
•
Deleting a Resource Policy
•
Creating an AD Authentication Server
•
Deleting an AD Authentication Server
•
Creating an LDAP Authentication Server
•
Creating a Radius Server
•
Modifying Radius Server Details
•
Creating Sign-In-Policy
•
Deleting Sign-In-Policy
•
Disabling Sign-in-URL
•
Creating a Web Bookmark for a Role
•
Reordering
•
Fetching the Resource with Multiple Identifiers
•
Updating Resource Identified Using Multiple Identifiers
•
Fetching Active Number of HTML5 Sessions
•
Updating Password in Clear Text
•
Applying Authcode and Downloading Licenses from PCLS on VA-SPE|PSA-V
•
Applying License
•
Deleting License
•
Getting License Clients
•
Getting License Report from License Server
•
Enabling/Disabling ICE License
•
Getting the Current Status of ICE License
•
Exporting TOTP Users from One Device to Another Device
•
Importing TOTP Users from One Device to Another Device
•
Sample Error Responses
•
Limitations
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
67
Creating a VLAN
To create a VLAN on a cluster node:
REQUEST
POST /api/v1/configuration/system/network/vlans/Node88/vlan/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
"arp-cache": {
"arp-entry": []
},
"name": "vlan-int-1",
"routes": {
"route": []
},
"settings": {
"default-gateway": "2.0.0.1",
"default-vlan-interface": "false",
"enable-ipv6": "enabled",
"ip-address": "2.2.2.2",
"ipv6-address": "fc00:7777:5678:5678::222",
"ipv6-default-gateway": "fc00:7777:5678:5678::3",
"ipv6-prefix-length": "64",
"is-enabled": "enabled",
"netmask": "255.0.0.0",
"vlan-id": "2",
"vlan-parent": "0"
},
"virtual-ports": {
"virtual-port": []
}
}
RESPONSE
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
68
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
}
}
Deleting a VLAN
To delete a VLAN from cluster node:
REQUEST
DELETE /api/v1/configuration/system/network/vlans/Node88/vlan/vlan-int-1
HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating a User Role
To create a user role:
REQUEST
POST /api/v1/configuration/users/user-roles/user-role/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
69
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
"name": "rest-userrole-4",
"web": {
"web-bookmarks": {
"bookmark": [
{
"auto-allow": "disable",
"description": "",
"name": "web-bm-1",
"new-window": "false",
"no-address-bar": "false",
"no-tool-bar": "false",
"parent": "--none--",
"standard": {
"url": "http://www.msn.com"
}
}
]
},
"web-options": {
"browsing-untrusted-sslsites": "true",
"flash-content": "false",
"hpxproxy-connection-timeout": "1800",
"http-connection-timeout": "240",
"java-applets": "true",
"mask-hostname": "false",
"persistent-cookies": "false",
"rewrite-file-urls": "false",
"rewrite-links-pdf": "false",
"unrewritten-page-newwindow": "false",
"user-add-bookmarks": "false",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
70
"user-enter-url": "false",
"users-bypass-warnings": "false",
"warn-certificate-issues": "true",
"websocket-connection-timeout": "900"
}
}
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without
warning or error!"
}
]
}
}
Fetching the User Login Statistics
To fetch the user login statistics:
REQUEST
GET /api/v1/system/user-stats HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 169
Content-Type: application/json
{
"user-stats": {
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
71
"allocated-user-count": "25",
"current-user-count": "0",
"max-active-user-count-24hrs": "1",
"min-active-user-count-24hrs": "0"
}
}
Updating the User Role Settings
To update the user role settings:
REQUEST
PUT /api/v1/configuration/users/user-roles/user-role/rest-userrole-4
HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
"name": "rest-userrole-4",
"web": {
"web-bookmarks": {
"bookmark": [
{
"auto-allow": "disable",
"description": "",
"name": "web-bm-1",
"new-window": "false",
"no-address-bar": "false",
"no-tool-bar": "false",
"parent": "--none--",
"standard": {
"url": "http://www.yahoo.com"
}
}
]
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
72
},
"web-options": {
"browsing-untrusted-sslsites": "true",
"flash-content": "false",
"hpxproxy-connection-timeout": "1800",
"http-connection-timeout": "240",
"java-applets": "true",
"mask-hostname": "false",
"persistent-cookies": "false",
"rewrite-file-urls": "false",
"rewrite-links-pdf": "false",
"unrewritten-page-newwindow": "false",
"user-add-bookmarks": "false",
"user-enter-url": "false",
"users-bypass-warnings": "false",
"warn-certificate-issues": "true",
"websocket-connection-timeout": "900"
}
}
}
}
}
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or
error!"
}
]
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
73
}
}
Deleting a User Role
To delete a user role:
REQUEST
DELETE /api/v1/configuration/users/user-roles/user-role/rest-userrole-4
HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating a User Realm
To create a user realm:
REQUEST
POST /api/v1/configuration/users/user-realms/realm/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
"accounting-server": "None",
"authentication-group": "",
"authentication-policy": {
"browser": {
"customized": "any-user-agent",
"user-agent-patterns": {
"user-agent-pattern": []
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
74
},
"certificate": {
"cert-key-value-pairs": {
"cert-key-value-pair": []
},
"customized": "allow-all-users"
},
"host-checker": {
"enforce-all-policies": "false",
"enforce-policy-list": null,
"evaluate-all-policies": "false",
"evaluate-logic": "all-policies-must-succeed",
"evaluate-policy-list": null
},
"limits": {
"guaranteed-minimum": null,
"limit-concurrent-users": "false",
"max-sessions-per-user": "1",
"maximum": null
},
"password": {
"primary-password-expiration-warning-days": "14",
"primary-password-management": "true",
"primary-password-minimum-length": "4",
"primary-password-restricted": "allow-passwords-of-minimum-
length",
"secondary-password-expiration-warning-days": "14",
"secondary-password-management": "false",
"secondary-password-minimum-length": "4",
"secondary-password-restricted": "allow-passwords-of-minimum-
length"
},
"source-ip": {
"customized": "any-ip",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
75
"ips": {
"ip": []
}
}
},
"authentication-server": "AD server",
"description": "",
"device-server": "None",
"directory-server": "AD server",
"dynamic-policy": {
"dynamic-policy-evaluation": "false",
"refresh-interval": "60",
"refresh-policies": "false",
"refresh-roles": "false"
},
"editing-description": "false",
"inbound-ifmap-attributes": "false",
"migration-sharing-type": "enable-session-migration",
"name": "rest-user-realm",
"role-mapping-rules": {
"rule": [
{
"name": "rest-admin-rule",
"roles": [
"test1"
],
"stop-rules-processing": "false",
"user-name": {
"test": "is",
"user-names": [
"user1"
]
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
76
}
],
"user-selects-role": "false",
"user-selects-roleset": "false"
},
"secondary-authentication-settings": {
"authentication-must-succeed": "true",
"name": "-",
"password-input": "user",
"predefined-password": "",
"predefined-user-name": "",
"user-name-input": "user"
},
"session-migration": "false"
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
77
Deleting a User Realm
To delete a user realm:
REQUEST
DELETE /api/v1/configuration/users/user-realms/realm/rest-user-realm
HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating a Resource Profile
To create a web resource profile:
REQUEST
POST /api/v1/configuration/users/resource-profiles/web-profiles/web-
profile/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
"custom": {
"bookmarks": {
"bookmark": [
{
"apply": "all",
"description": "",
"name": "web-resourceprofile",
"new-window": "false",
"no-address-bar": "false",
"no-tool-bar": "false",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
78
"roles": null,
"url": "http://www.google.com"
}
]
},
"client-authentication": [],
"java-acl": [],
"rewriting-options": {
"ptp": [],
"selective-rewriting": "false",
"use-jsam": [],
"use-wsam": []
},
"sso-basic-ntlm-kerberos": [],
"sso-header": [],
"sso-post": [],
"url": "http://www.google.com",
"web-compression": [],
"webacl": [
{
"rules": {
"rule": [
{
"action": "allow",
"name": "Allow http://www.google.com:80/*",
"resource": "http://www.google.com:80/*"
}
]
}
}
],
"webcaching": []
},
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
79
"description": "",
"name": "web-resourceprofile",
"roles": [
"rest-userrole-3"
]
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
}
}
Deleting a Resource Profile
To delete a web resource profile:
REQUEST
DELETE /api/v1/configuration/users/resource-profiles/web-profiles/web-
profile/web-resourceprofile HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
80
Creating a Resource Policy
To create a web resource policy:
REQUEST
POST /api/v1/configuration/users/resource-policies/web-policies/web-
acls/web-acl/ HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
{
"action": "allow",
"apply": "selected",
"description": "",
"name": "web-acl-policy",
"parent-type": "none",
"resources": [
"1.1.1.1:80,443/*"
],
"roles": [
"rest-userrole-1"
],
"rules": {
"rule": []
}
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
81
}
]
}
}
Fetching a Resource Policy
To fetch a web resource policy:
REQUEST
GET /api/v1/configuration/users/resource-policies/web-policies/web-
acls/web-acl/name=web-acl-policy,parent-type=none HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Length: 245
Content-Type: application/json
{
"action": "allow",
"apply": "selected",
"description": "",
"name": "web-acl-policy",
"parent-type": "none",
"resources": [
"1.1.1.1:80,443/*"
],
"roles": [
"rest-userrole-1"
],
"rules": {
"rule": []
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
82
Deleting a Resource Policy
To delete a web resource policy:
REQUEST
DELETE /api/v1/configuration/users/resource-policies/web-policies/web-
acls/web-acl/name=web-acl-policy,parent-type=none HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating an AD Authentication Server
REQUEST
POST /api/v1/configuration/authentication/auth-servers/auth-server
HTTP/1.1
Host: 10.209.114.152
Authorization: Basic
QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
"ad": {
"server-catalog": {
"custom-variables": {
"custom-variable": []
},
"expressions": {
"custom-expression": []
},
"groups": {
"ad-group": []
}
},
"settings": {
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
83
"additional-options": {
"allow-trusted-domains": "false",
"change-machine-password-after-every": "0",
"enable-ntlm-protocol": "true",
"enable-periodic-password-change-of-machine-account":
"false",
"kerberos": "true",
"max-domain-connections": "5",
"ntlm-protocol": "ntlmv2"
},
"container-name": "Computers",
"domain": "TEST",
"kerberos-realm": "TEST.SAQACERTSERV.COM",
"nodenames": [
{
"computer-name": "0332MWK0NRP111",
"machine-hardware-id": "0332MOGWK0NRP111S",
"node": "localhost2"
}
],
"password-encrypted":
"3u+UR6n8AgABAAAAyCaUPKhCg3J/y46bhB4wz6mnupQH0oTHOTfTexJxP2k=",
"save-credentials": "true",
"username": "Administrator"
}
},
"logical-name": "",
"name": "AD-Server",
"user-record-sync": "false"
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
84
}
}
Deleting an AD Authentication Server
REQUEST
DELETE /api/v1/configuration/authentication/auth-servers/auth-
server/AD-Server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic
QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating an LDAP Authentication Server
REQUEST
POST /api/v1/configuration/authentication/auth-servers/auth-server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic
QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
"ldap": {
"server-catalog": {
"attributes": {
"user-attribute": [
{
"name": "cn"
},
{
"name": "department"
},
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
85
{
"name": "departmentNumber"
},
{
"name": "employeeNumber"
},
{
},
{
"name": "o"
},
{
"name": "ou"
},
{
"name": "sAMAccountName"
},
{
"name": "uid"
},
{
"name": "homeDirectory"
},
{
"name": "homeDrive"
},
{
"name": "wWWHomePage"
}
]
},
"custom-variables": {
"custom-variable": []
},
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
86
"expressions": {
"custom-expression": []
},
"groups": {
"user-group": []
}
},
"settings": {
"admin-dn":
"CN=Administrator,CN=Users,DC=test,DC=saqacertserv,DC=com",
"admin-password-encrypted":
}
"3u+UR6n8AgABAAAAQkYh+Te/ebXL7gSn+W6IEPOV2YFsaaikH2SVxkb8lTKzWhS1EPFlsNXBpuQP5sW
XfeOYfjmhQSRZ5DP/z9UhQ/l16DDne9/u7Lw67HyE/8Q=",
"attribute-to-update-at-server": "",
"attribute-type": "type-integer",
"attribute-value-to-update-at-server": "<LOGINTIMELDAP>",
"authentication-required-to-search-ldap": "true",
"backup-port-1": null,
"backup-port-2": null,
"backup-server-1": "",
"backup-server-2": "",
"connection-timeout": "15",
"connection-type": "plain",
"enable-attribute-update-at-server": "false",
"group-base-dn": "",
"group-filter": "",
"ldap-server-type": "active-directory",
"meetings": {
"email-address": "mail",
"full-name": "displayname",
"name-attribute-mapping": "",
"user-name": "samaccountname"
},
"member-attribute": "",
"nested-group-level": "0",
"port": "389",
"query-attribute": "",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
87
"reverse-group-search": "false",
"search-timeout": "60",
"server": "10.209.124.88",
"server-catalog": "catalog",
"test-user-dn": "",
"user-base-dn": "DC=test,DC=saqacertserv,DC=com",
"user-filter": "samaccountname=<USER>",
"validate-referral-cert": "verifyserverconfigured",
"validate-server-cert": "false"
}
},
"logical-name": "",
"name": "LDAP-Server",
"user-record-sync": "false"
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
}
}
Creating a Radius Server
REQUEST
POST /api/v1/configuration/authentication/auth-servers/auth-server
HTTP/1.1
Host: 10.209.114.152
Authorization: Basic
QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
"logical-name": "",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
88
"name": "Radius-Server",
"radius": {
"server-catalog": {
"attributes": {
"user-attribute": []
},
"custom-variables": {
"custom-variable": []
},
"expressions": {
"custom-expression": []
}
},
"settings": {
"accounting-port": "1813",
"authenticate-with-tokens-onetimepassword": "false",
"authentication-port": "1812",
"backup-accounting-port": "1813",
"backup-authentication-port": "1812",
"backup-server": "10.209.126.179",
"backup-shared-secret-encrypted":
"3u+UR6n8AgABAAAA2Th1sUV9vXDS9gRdMt1yCB4Ol6tacMTwhWsTlIFd7Q4=",
"custom-radius-rules": {
"custom-radius-rule": []
},
"interim-update-interval": null,
"load-balance-auth": "false",
"nasid": "",
"nasipaddr": "10.209.113.88",
"process-radius-disconnect": "false",
"retries": "0",
"server": "10.209.126.179",
"shared-secret-encrypted":
"3u+UR6n8AgABAAAA2Th1sUV9vXDS9gRdMt1yCB4Ol6tacMTwhWsTlIFd7Q4=",
"timeout": "30",
"use-nc-assigned-ip": "false",
"use-subsession-interim-update": "false",
"user-name": "<USER>(<REALM>)[<ROLE SEP=\",\">]"
}
},
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
89
"user-record-sync": "false"
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
}
Modifying Radius Server Details
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/Radius-Server HTTP/1.1
Host: 10.209.114.152
Authorization: Basic
QmJYZlZ6eER2Tzhodjh4NzhlU28vU1NNZ0tHelJJUHhsbC9pdjcrZlRxcz06
Content-Type: application/json
{
"name": "Radius-Server",
"radius": {
"settings": {
"backup-accounting-port": "1814",
"backup-authentication-port": "1816",
"backup-server": "2.2.2.2"
}
}
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 128
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
90
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Creating Sign-In-Policy
REQUEST
POST /api/v1/configuration/authentication/signin/urls/access-
urls/access-url/ HTTP/1.1
Host: 10.209.113.89
Authorization: Basic
MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06
Content-Type: application/json
{
"description": "",
"enabled": "true",
"page": "Default Sign-In Page",
"realm-select": "pick-list",
"url-pattern": "test/url3/",
"user": {
"enable-new-ux-pages": "false",
"meeting-url": "*/meeting/",
"post-authentication-signin-notification-id": "None",
"post-authentication-signin-notification-skip": "false",
"pre-authentication-signin-notification-id": "None",
"realms": [
"Users"
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
91
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 128
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Deleting Sign-in-Policy
REQUEST
DELETE /api/v1/configuration/authentication/signin/urls/access-
urls/access-url/test%5C%2Furl3%5C%2F HTTP/1.1
Host: 10.209.113.89
Authorization: Basic
MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06
Cache-Control: no-cache
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Disabling Sign-in-URL
REQUEST
PUT /api/v1/configuration/authentication/signin/urls/access-urls/access-
url/test%5C%2Furl1%5C%2F/enabled HTTP/1.1
Host: 10.209.113.89
Authorization: Basic
MEthMXM0MmJraHpjYms0WFZCZ29Xb3k1Nk5NL3JqaDBwQ05iTmFhUlh5ST06
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
92
Content-Type: application/json
{
"enabled": "false"
}
RESPONSE
HTTP/1.1 200 OK
Content-Length: 128
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Creating a Web Bookmark for a Role
To create a web bookmark for a role:
REQUEST
POST /api/v1/configuration/users/user-roles/user-role/rest-userrole-
1/web/web-bookmarks/bookmark HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
Content-Type: application/json
Cache-Control: no-cache
{
"auto-allow": "disable",
"description": "",
"name": "webbm",
"new-window": "false",
"no-address-bar": "false",
"no-tool-bar": "false",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
93
"parent": "--none--",
"standard": {
"url": "http://www.yahoo.com"
}
}
RESPONSE
HTTP/1.1 201 CREATED
Content-Length: 122
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
}
]
}
}
Reordering
For re-ordering existing ordered elements in the configuration, a PUT API can be used with an 'order' suffix. This API
can be used to reorder any ordered element in the configuration including role-mapping-rules, resource policies
and ACLs.
Example: Reorder existing role-mapping-rules in a specific realm.
REQUEST
PUT /api/v1/configuration/users/user-realms/realm/testRealm/role-
mapping-rules/rule/order HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Content-Type: application/json
{
"rule": [
{
"href": "/api/v1/configuration/users/user-
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
94
realms/realm/testRealm/role-mapping-rules/rule/rule3"
},
{
"href": "/api/v1/configuration/users/user-
realms/realm/testRealm/role-mapping-rules/rule/rule1"
}
]
}
RESPONSE
HTTP/1.1 200 OK
content-length: 122
content-type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
}
]
}
}
Fetching the Resource with Multiple Identifiers
Example: Retrieve one of SNMP Trap server configured on PCS device
REQUEST
GET /api/v1/configuration/system/log/snmp/localhost2/trap-servers/trap-
server/ip=1.1.1.1,port=162 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06
RESPONSE
HTTP/1.1 200 OK
content-length: 65
content-type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
95
{
"community": "public",
"ip": "1.1.1.1",
"port": "162"
}
Updating Resource Identified Using Multiple Identifiers
Example: Updating the community string for specific SNMP trap server identified by IP and port
REQUEST
PUT /api/v1/configuration/system/log/snmp/localhost2/trap-servers/trap-
server/ip=1.1.1.1,port=162/community HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06
Content-Type: application/json
{
"community": "pulsesecure"
}
RESPONSE
HTTP/1.1 200 OK
content-length: 122
content-type: application/json
{
"result": {
"info": [
{
"message": "Operation succeed without warning or error!"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
96
Fetching Active Number of HTML5 Sessions
REQUEST
GET /api/v1/stats/active-html5-sessions HTTP/1.1
Host: 10.96.116.40
Authorization: Basic
b1hBV3FaTktKQzhaOU5MNTNsLzJGQXZmNWZ1TGhFSUUyUlVJVDlaRnFVYz06
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
content-length: 32
content-type: application/json
{
"active-html5-sessions": 3
}
Updating Password in Clear Text
Example: Updating password of System Local User.
REQUEST
PUT /api/v1/configuration/authentication/auth-servers/auth-
server/System%20Local/local/users/user/user0001/password-cleartext
HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
T0o1dzVpK3g4U0dKV0d1TkJCdWlwVzREaUc0SjZvbkExMVljc0RtNU14bz06
Content-Type: application/json
{
"password-cleartext": "Psecure"
}
RESPONSE
HTTP/1.1 200 OK
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
97
content-length: 128
content-type: application/json
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
}
}
Applying Authcode and Downloading Licenses from PCLS on VA-SPE|PSA-V
In PCS 8.3R4|PPS 5.4R4, this REST API can be used to download the license key from PCLS and install on the Virtual
Appliance.
REQUEST
PUT /api/v1/license/auth-code HTTP/1.1
Host: 10.209.125.7
Authorization: Basic
TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Length: 35
Content-Type: application/json
{
"auth-code":"<auth-code-to-apply>"
}
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 191
{
"result": {
"info": [
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
98
{"message": "Installed new license key \"landmark utility
prestige trip mayor diesel faucet summer prestige income heritage\""}
]
}
}
Applying License
REQUEST
PUT /api/v1/license/license-key?action=install HTTP/1.1
Host: 10.209.125.7
Authorization: Basic
TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
{
"keys":[
"key1",
“key2”,
….
]
}
Example:
{
"keys":[
"operation tree crayon holiday kingdom lasso doorway square
dish modem gecko",
"buffalo safety inch topaz banquet nitrogen garnish step
recital wedge trace"
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Installed licenses"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
99
Deleting License
REQUEST
PUT /api/v1/license/license-key?action=delete HTTP/1.1
Host: 10.209.125.7
Authorization: Basic
TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
{
"keys":[
"key1",
“key2”,
….
]
}
Example:
{
"keys":[
"operation tree crayon holiday kingdom lasso doorway square
dish modem gecko",
"buffalo safety inch topaz banquet nitrogen garnish step
recital wedge trace"
]
}
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Deleted <number> licenses"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
100
Getting License Clients
REQUEST
GET /api/v1/license/license-clients HTTP/1.1
Host: 10.209.125.7
Authorization: Basic
TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"license_clients": [
{
"feature_capacities": [
{
"feature_name": "add_user_count",
"leased_value": 25
},
{
"feature_name": "onboard",
"leased_value": 0
},
{
"feature_name": "embeddedrdpapplet",
"leased_value": 0
},
{
"feature_name": "vm_cores_leasable",
"leased_value": 4
},
{
"feature_name": "add_meeting_user_count",
"leased_value": 0
},
{
"feature_name": "cloudsecure_count",
"leased_value": 0
},
{
"feature_name": "named_user_count",
"leased_value": 0
},
{
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
101
"feature_name": "ueba",
"leased_value": 0
}
],
"last_renewal": "Wed, 04 Dec 2019 06:32:26 GMT",
"machine_id": "VASPH3944M9D8551S",
"name": "va_spe_3_3_125_4"
},
{
"feature_capacities": [
{
"feature_name": "add_user_count",
"leased_value": 25
},
{
"feature_name": "onboard",
"leased_value": 0
},
{
"feature_name": "embeddedrdpapplet",
"leased_value": 0
},
{
"feature_name": "vm_cores_leasable",
"leased_value": 4
},
{
"feature_name": "add_meeting_user_count",
"leased_value": 0
},
{
"feature_name": "cloudsecure_count",
"leased_value": 0
},
{
"feature_name": "named_user_count",
"leased_value": 0
},
{
"feature_name": "ueba",
"leased_value": 0
}
],
"last_renewal": "Thu, 05 Dec 2019 13:45:31 GMT",
"machine_id": "VASPHXVK2E117PM8S",
"name": "va_spe_3_3_125_8"
},
]
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
102
}
Getting License Report from License Server
REQUEST
GET /api/v1/license/report HTTP/1.1
Host: 10.209.125.7
Authorization: Basic
TnBDUk1veFFFQTJKZjM0S2ZxV2JKUlhRaDJaWGFrYnkvWVpTR3hhNTdmbz0=
Content-Type: application/json
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
License Usage Report
{
"LicenseUsageReport": {
"MachineID": "VASPMMXXXXXXXX",
"build-number": "4762",
"cumulative-report": {…},
"granular-report": {…},
"cluster-granular-report": {…},
"time-stamp": "Mon Jan 13 20:04:40 2020",
"version": "9.1"
}
}
Cumulative Report
https://<license-server>/api/v1/license/report/cumulative-report
{
"cumulative-report": {
"add-meeting-user-count": {
"Year":[
{
"Month": [
{
"Date": [
{
"Leased": "0",
"Maximum": "30",
"id": "06"
}
{…},
{…},
{…},
{…}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
103
]
"Leased": "0",
"Maximum": "30",
"id": "Jan",
}
{…}
]
"id": "2020"
}
{…}
]
}
}
Granular Report
https://<license-server>/api/v1/license/report/granular-report
{
"license-client": [
{
"add-user-count": {
"Year": [
{
"Month": [
{
"Date": [
{…},
{…},
{…},
{…}
]
"Leased": "0",
"Maximum": "0",
"id": "Jan"
}
],
"id": "2020"
}
]
},
"name": “PSA_V_10_209_125_101",
"software-version": "7.4"
},
{…}
}
Cluster Granular Report
https://<license-server>/api/v1/license/report/cluster-granular-report
{
"add-user-count": {
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
104
"Year": [
{
"Month": [
{
"Date": [
{
"Leased": "40",
"Maximum": "21",
"client-node": "node63lc,node66lc",
"id": "24"
},
{
"Leased": "40",
"Maximum": "1",
"client-node": "node63lc,node66lc",
"id": "25"
},
{
"Leased": "40",
"Maximum": "1",
"client-node": "node63lc,node66lc",
"id": "26"
}
],
"Leased": "40",
"Maximum": "21",
"id": "Feb"
}
],
"id": "2020"
}
]
},
"cluster-name": "liccluster"
}
The following extensions of the API are supported:
1. /api/v1/license/report – entire license report in JSON
2. /api/v1/license/report/cumulative-report – The cumulative
report.
• Following trace-down options available here
i. /api/v1/license/report/cumulative-
report/<license-feature-type>
ii. /api/v1/license/report/cumulative-
report/<license-feature-type>/<year>
iii. /api/v1/license/report/cumulative-
report/<license-feature-type>/<year>/<month>
iv. /api/v1/license/report/cumulative-
report/<license-feature-type>/<year>/<month>/<day>
3. /api/v1/license/report/granular-report – License usage report
per license client.
• Following trace-down options available here
i. /api/v1/license/report/granular-report/<license-
client>
ii. /api/v1/license/report/granular-report/<license-
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
105
client>/<add-user-count>
iii. /api/v1/license/report/granular-report/<license-
client>/<add-user-count>/<year>
iv. /api/v1/license/report/granular-report/<license-
client>/<add-user-count>/<year>/<month>
v. /api/v1/license/report/granular-report/<license-
client>/<add-user-count>/<year>/<month>/<day>
Example:
API - /api/v1/license/report/granular-report/node63lc/add-
user-count/2020/Mar/20
{
"Leased": 40,
"Maximum": 14,
"id": "20"
}
4. /api/v1/license/report/cluster-granular-report – License
usage report per license client cluster.
• Following trace-down options available here
i. /api/v1/license/report/cluster-granular-
report/<license-client>
ii. /api/v1/license/report/cluster-granular-
report/<license-client>/<add-user-count>
iii. /api/v1/license/report/cluster-granular-
report/<license-client>/<add-user-count>/<year>
iv. /api/v1/license/report/cluster-granular-
report/<license-client>/<add-user-count>/<year>/<month>
v. /api/v1/license/report/cluster-granular-
report/<license-client>/<add-user-
count>/<year>/<month>/<day>
Example:
API - /api/v1/license/report/cluster-granular-
report/liccluster/add-user-count/2020/Mar/22
{
"Leased": 40,
"Maximum": 16,
"cluster-member": [
"node63lc",
"node66lc"
],
"id": "22"
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
106
Enabling/Disabling ICE License
Enabling ICE License
Content of ice_enable.json file:
more ice_enable.json
{
"mode": "enabled"
}
REQUEST
curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=:
https://10.209.125.4/api/v1/license/ice -X PUT -H "Content-Type:
application/json" -d @ice_enable.json
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": {
"info": [
{
"message": "ICE license is enabled"
}
]
}
}
Disabling ICE License
Content of ice_disable.json file:
more ice_disable.json
{
"mode" : "disabled"
}
REQUEST
curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=:
https://10.209.125.4/api/v1/license/ice -X PUT -H "Content-Type:
application/json" -d @ice_disable.json
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"result": {
"info": [
{
"message": "ICE license is disabled"
}
]
}
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
107
Getting the Current Status of ICE License
REQUEST
curl -k -u TVGJ9xV9XvuA1JDB1nPkjC5BilAQAhUMn2dPHLZgP/o=:
https://10.209.125.4/api/v1/license/ice
RESPONSE
ICE License Enabled
HTTP/1.1 200 OK
Content-Type: application/json
{
"mode": "enabled"
}
ICE License Disabled
HTTP/1.1 200 OK
Content-Type: application/json
{
"mode": "disabled"
}
Exporting TOTP Users from One Device to Another Device
REQUEST
GET /api/v1/totp/Google TOTP Auth Server/users HTTP/1.1
Host: 10.209.115.19
Authorization: Basic ZzBPeVdDVmtDT3FoSjBwcVUyRTdzK3hyeHo0OFpzMGtFRjM4WndFNDE1ST06
RESPONSE
HTTP/1.1 200 OK
Content-Length: 191
Content-Type: application/json
{
"users": "21ubWxSvAwABAAAAlx9igwcQok9s+MV0zg/b+oer3z
7Kj0iXbVzJ+qDMiguTtWZaxnGHGTGQEcHD7BTMGjz1QYbO00z
BF+6DGp2y/9pj+8Wf4SXTQbYIeDomT4w2Kl4oc1EZhFruWLW
nll+58x2b0kxsURCb+P0It8K+msqFXBhOEDY7l0W4+P+A8UZ
az6In/gMq8Qd766i7RN1oZ+hzHUMYJUB72tzIQ+CiA8tTv6awe
C6TGy9/a9C6vVbLY0+ZUgGTffWzJxcoZbEbdwiCFoZyex5
UWTUFIj0Z4XAPoZ4HTWZsxP5YwXcJpsnbOzCqW/dTB6Wp
YWYp6R+MUn2yu/hZeu7z1qVhXlr8bK5LifH/u6J76SpErL1eELh1b
YF17DWPfo6xspG7rffhs2k9vPVB1oq2kud+42hPo6vZaMfcwaz9l
KRrftIgAu2o3JBJfdNHrUTOu2+Y6Qmc0in6MfIBNNrVr9D6hdWmIdr
Nr7PXHa4uJoP+CAuOp3OamTox2sgmvE7YNjC0SlSPgyFfx0kfzCb2
K3Mrcq1UuJUJLhK7L3lne4f1QiWKoZ8q8zluaV+eRSJHBez9Pjo+Lz
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
108
BpYwoXStduOC20FVY4+KCHDasufdAOCD/Lga4mFFE5ItAui18ObOf
RtxLvoZUIuGS8w019mbRaNDlVa52sUzuZBClqx+4lueBCQYEUNrDr
HVG0AzqUBbAeL+WV8VRJrxVW8sIlArqY8n29pD66BozsGKoxBq
XSe/fZxEDu9ZqI4xfzSCCsfqTiv0LAM4p+cZekhcjvRwtuImNjX+qj7A=="
}
Importing TOTP Users from One Device to Another Device
REQUEST
POST /api/v1/totp/Google TOTP Auth Server/users HTTP/1.1
Host: 10.209.115.19
Authorization: Basic
ZzBPeVdDVmtDT3FoSjBwcVUyRTdzK3hyeHo0OFpzMGtFRjM4WndFNDE1ST06
Content-Type: application/json
{
"users": "21ubWxSvAwABAAAAlx9igwcQok
9s+MV0zg/b+oer3z7Kj0iXbVzJ+qDMiguTtWZ
axnGHGTGQEcHD7BTMGjz1QYbO00zBF+6DG
p2y/9pj+8Wf4SXTQbYIeDomT4w2Kl4oc1EZhFru
WLWnll+58x2b0kxsURCb+P0It8K+msqFXBh
OEDY7l0W4+P+A8UZaz6In/gMq8Qd766i7
RN1oZ+hzHUMYJUB72tzIQ+CiA8tTv6aweC6
TGy9/a9C6vVbLY0+ZUgGTffWzJxcoZbEbdwiCFo
Zyex5UWTUFIj0Z4XAPoZ4HTWZsxP5YwXcJpsnb
OzCqW/dTB6WpYWYp6R+MUn2yu/hZeu7z1qVhXlr8b
K5LifH/u6J76SpErL1eELh1bYF17DWPfo6xspG7rffhs2
k9vPVB1oq2kud+42hPo6vZaMfcwaz9lKRrftIgAu2o3
JBJfdNHrUTOu2+Y6Qmc0in6MfIBNNrVr9D6hdWmIdr
Nr7PXHa4uJoP+CAuOp3OamTox2sgmvE7YNjC0SlSP
gyFfx0kfzCb2K3Mrcq1UuJUJLhK7L3lne4f1QiWKoZ8q
8zluaV+eRSJHBez9Pjo+LzBpYwoXStduOC20FVY4+KCHD
asufdAOCD/Lga4mFFE5ItAui18ObOfRtxLvoZUIuGS8w019mb
RaNDlVa52sUzuZBClqx+4lueBCQYEUNrDrHVG0AzqUBb
AeL+WV8VRJrxVW8sIlArqY8n29pD66BozsGKoxBqXSe/f
ZxEDu9ZqI4xfzSCCsfqTiv0LAM4p+cZekhcjvRwtuImNjX+qj7A=="
}
RESPONSE
HTTP/1.1 200 OK
content-length →47
Content-Type: application/json
{
“message' => 'Successfully imported user data'
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
109
Sample Error Responses
400 BAD REQUEST
REQUEST
PUT /api/v1/configuration/users/user-realms/realm/testRealm/role-
mapping-rules/rule/rule1 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Content-Type: application/json
{
"name": "rule1",
"roles": [
"Users"
],
"stop-rules-processing": "false",
"user-name": {
"test": "is",
"user-names": [
"*",
]
}
}
RESPONSE
HTTP/1.1 400 BAD REQUEST
content-length: 92
content-type: application/json
{
"message": "The browser (or proxy) sent a request that this server
could not understand."
}
Solution: Invalid JSON body content in Request. Please check if JSON is valid.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
110
REQUEST
PUT /api/v1/configuration/users/user-roles/user-role/rest-userrole-1
HTTP/1.1
Host: 10.209.113.88
Authorization: Basic
MVhDbDJTSUhkV3ZjUkd6WXM1T1V3MU5wbHNmemJPbTJxSHI2NVZCdXp5bz06
{
"name": "rest-userrole-1",
"web": {
"web-bookmarks": {
"bookmark": [
{
"auto-allow": "disable",
"description": "",
"name": "web-bm-1",
"new-window": "false",
"no-address-bar": "false",
"no-tool-bar": "false",
"parent": "--none--",
"standard": {
"url": "http://www.yahoo.com"
}
}
]
},
"web-options": {
"browsing-untrusted-sslsites": "true",
"flash-content": "false",
"hpxproxy-connection-timeout": "1800",
"http-connection-timeout": "240",
"java-applets": "true",
"mask-hostname": "false",
"persistent-cookies": "false",
"rewrite-file-urls": "false",
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
111
"rewrite-links-pdf": "false",
"unrewritten-page-newwindow": "false",
"user-add-bookmarks": "false",
"user-enter-url": "false",
"users-bypass-warnings": "false",
"warn-certificate-issues": "true",
"websocket-connection-timeout": "900"
}
}
}
RESPONSE
HTTP/1.1 400 BAD REQUEST
Content-Length: 99
Content-Type: application/json
{
"result": {
"errors": [
{
"message": "Accepts only JSON."
}
]
}
}
Note: Include the “Content-Type” header in the request with a value “application/json” as used in the examples
above.
403 Forbidden
REQUEST
GET /api/v1/auth HTTP/1.1
Host: 10.209.112.106
Authorization: Basic YWRtaW5kYjpkYW5hMTIz
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
112
RESPONSE
HTTP/1.1 403 Forbidden
cache-control: no-store
connection: Keep-Alive
content-type: text/html; charset=utf-8
expires:-1
keep-alive: timeout=15
strict-transport-security →max-age=31536000
transfer-encoding: chunked
Solutions:
1. Make sure admin user used for authentication has "Allow access to REST APIs" option enabled from
admin UI
2. Admin Username and Password passed in Authorization header are correct
3. If api_key is available, use api_key value as username and password as empty in authorization header
404 NOT FOUND
REQUEST
GET /api/v1/configuration/users/user-realms/realm/testRealm/role-
mapping-rules/rule HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
RESPONSE
HTTP/1.1 404 NOT FOUND
content-length: 213
content-type: application/json
{
"result": {
"errors": [
{
"message": "Invalid resource path; use \"users/user-
realms/realm/testRealm/role-mapping-rules/rule/<resource-id>\" to access
a specific resource"
}
]
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
113
}
}
Solution: Resource-id should be passed in Resource path as shown in example below.
REQUEST
GET /api/v1/configuration/users/user-realms/realm/testRealm/role-
mapping-rules/rule/rule1 HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
RESPONSE
HTTP/1.1 200 OK
content-length: 167
content-type: application/json
{
"name": "rule1",
"roles": [
"Users"
],
"stop-rules-processing": "false",
"user-name": {
"test": "is",
"user-names": [
"*"
]
}
}
Solution: Invalid JSON body content in Request. Please check if JSON is valid.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
114
422 UNPROCESSABLE ENTITY
REQUEST
POST /api/v1/configuration/users/user-realms/realm/testRealm/role-
mapping-rules/rule/ HTTP/1.1
Host: 10.209.112.106
Authorization: Basic
Y1VPZE1XZ1ZubVEvVnIrcWwrd3lJY3F0Y05WTGhDVkx1M0wrdk5YR3hzVT06
Content-Type: application/json
{
"name": "rule2",
"roles": [
"Users",
"testRole1"
],
"stop-rules-processing": "false",
"user-name": {
"test": "is",
"user-names": [
"user1"
]
}
}
RESPONSE
HTTP/1.1 422 UNPROCESSABLE ENTITY
content-length: 368
content-type: application/json
{
"result": {
"errors": [
{
"message": "[/users/user-
realms/realm[name=testRealm]/role-mapping-rules/rule[name=rule2]/roles]
Invalid reference: no 'User Roles' object found with identifier
'testRole1'."
},
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
115
{
"message": "Failed to resolve path references"
},
{
"message": "Commit failed"
}
]
}
}
Solution: Make sure to have all the referenced resources are created first using POST call and then repeat.
Limitations
1. Configuration of large data objects is not qualified- ESAP, Pulse Client package, Custom Sign-in page,
applets, and so on.
2. Resource names similar to resource tags e.g. vlans, roles, etc. should be avoided while creating new
resources.
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
116
PPS-Specific Configurations Using REST APIs
•
Creating the HC Policy
•
Deleting the HC Policy
•
Creating the Infranet Enforcer
•
Deleting the Infranet Enforcer
•
Creating a Resource Policy
•
Deleting a Resource Policy
•
Creating a RADIUS Client
•
Deleting a RADIUS Client
•
Creating a RADIUS Attribute Policy
•
Deleting a RADIUS Attribute Policy
•
Creating SNMP Device
•
Deleting SNMP Device
•
Creating SNMP Policy
•
Deleting SNMP Policy
•
Creating Device Group - TACACS+
•
Deleting Device Group- TACACS+
•
Creating TACACS+ Client
•
Deleting TACACS+ Client
•
Creating Shell Policies
•
Deleting Shell Policies
•
Creating Admission Control Client
•
Deleting Admission Control Client
•
Creating Admission Control Policy
•
Deleting Admission Control Policy
•
Profiler REST APIs
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
117
Creating the HC Policy
REQUEST
POST api/v1/configuration/authentication/endpoint/host-
checker/policies/policy HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"policy-name": "HC",
"regular": {
"platforms": {
"chromeos": {
"dashboard": {
"consider-for-reporting": "true"
},
"remediation": {
"custom-instructions": "",
"enable-custom-instructions": "false",
"send-reason-strings": "true"
}
},
"windows": {
"dashboard": {
"consider-for-reporting": "true"
},
"remediation": {
"custom-instructions": "",
"delete-files": "false",
"enable-custom-instructions": "false",
"files": null,
"kill-processes": "false",
"processes": null,
"send-reason-strings": "true"
},
"rule-expression": {
"custom-expression": "",
"requirement": "all"
},
"rules": {
"advancedRule": [],
"firewall-rules": {
"firewall-rule": [
{
"needs-monitoring": "false",
"product-list": null,
"product-selection-option":
"specific",
"rule-name": "rule1",
"select-specific-product": "false",
"select-specific-vendor": "true",
"selected-product-list": {
"product-info": [
{
"product-name":
"Windows Firewall (10.x)",
"turn-on-firewall":
"true"
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
118
},
{
"product-name":
"Windows Firewall (6.x)",
"turn-on-firewall":
"false"
}
]
},
"turn-on-firewall-all": "false",
"vendor-list": [
"Microsoft Corporation"
]
}
]
}
}
}
}
}
}
RESPONSE
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly
changed"
}
]
}
}
Deleting the HC Policy
REQUEST
DELETE api/v1/configuration/authentication/endpoint/host-
checker/policies/policy/HC HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
119
Creating the Infranet Enforcer
REQUEST
POST api/v1/configuration/uac/infranet-
enforcer/connections/infranet-enforcer HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"idp-for-local-sessions-only": "true",
"junos": {
"location-group": "- No 802.1X -",
"password-encrypted":
"3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="
},
"name": "SRX",
"serial-number": [
"ABCNWPWFS"
],
"severity-filter": "medium",
"use-idp": "false"
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Deleting the Infranet Enforcer
REQUEST
DELETE api/v1/configuration/uac/infranet-
enforcer/connections/infranet-enforcer/SRX HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
120
Creating a Resource Policy
REQUEST
POST api/v1/configuration/uac/infranet-enforcer/resource-access-
policies/resource-access-policy/ HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"action": "allow-access",
"apply": "all-roles",
"apply-ie-options": "all-options",
"deny-message": "",
"description": "",
"ie-options": [],
"infranet-enforcer": [
"(all)"
],
"name": "Resource Policy",
"resources": [
"10.25.15.0/24:*"
],
"roles": null,
"vsys": ""
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Deleting a Resource Policy
REQUEST
DELETE api/v1/configuration/uac/infranet-enforcer/resource-access-
policies/resource-access-policy/Resource%20Policy HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
121
Creating a RADIUS Client
REQUEST
POST /api/v1/configuration/uac/network-access/radius-clients/radius-
client HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"coa-support": "false",
"description": "",
"disconnect-support": "true",
"dynamic-auth-port": "3799",
"enable": "true",
"gatewayid": "",
"ip-address": "10.204.88.12",
"ip-address-range": "1",
"kek-encrypted": "",
"key-wrap-format": "HEX",
"key-wrap-support": "false",
"location-group": "Default",
"mack-encrypted": "",
"make-model": "Ruckus Wireless",
"name": "Ruckus",
"ruckus-certificate-verification": "false",
"ruckus-password-encrypted": "",
"shared-secret-encrypted":
"3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Deleting a RADIUS Client
REQUEST
Delete /api/v1/configuration/uac/network-access/radius-clients/radius-
client/Ruckus HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
122
Creating a RADIUS Attribute Policy
REQUEST
POST /api/v1/configuration/uac/network-access/radius-attribute/radius-
attributes-policies/radius-attribute-policy HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"apply": "all",
"description": "",
"location-group": [
"Guest"
],
"name": "Return Attribute policy",
"network-interface": "automatic",
"open-port": "false",
"return-attribute-flag": "false",
"return-attributes": {
"return-attribute": []
},
"roles": null,
"send-session-timeout-by-default": "false",
"send-termination-action-by-default": "false",
"vlan": "65",
"vlan-check": "true"
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
}
Deleting a RADIUS Attribute Policy
REQUEST
DELETE /api/v1/configuration/uac/network-access/radius-
attribute/radius-attributes-policies/radius-attribute-
policy/Return%20Attribute%20policy/HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
123
Content-Length: 0
Content-Type: application/json
Creating SNMP Device
REQUEST
POST /api/v1/configuration/uac/snmpEnforcement/clients/client HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"default-vlan": "0",
"description": "",
"enable": "true",
"ip-address": "10.204.88.12",
"location-group": "none",
"model": "Ruckus Wireless",
"name": "ruckus",
"read-auth-password-encrypted": "",
"read-auth-protocol": "md5",
"read-priv-password-encrypted": "",
"read-priv-protocol": "",
"read-security-level": "auth",
"read-username": "public",
"snmp-enforcement": "false",
"snmp-version": "V2",
"ssh-passphrase-encrypted": "",
"ssh-port-number": "22",
"ssh-private-key-encrypted": "",
"ssh-user-name": "",
"ssh-user-password-encrypted": "",
"sys-contact": "https://support.ruckuswireless.com/contact_us",
"sys-description": "Ruckus Wireless ZD1200",
"sys-location": "350 West Java Dr. Sunnyvale, CA 94089 US",
"sys-name": "ruckus",
"trap-auth-password-encrypted": "",
"trap-auth-protocol": "md5",
"trap-priv-password-encrypted": "",
"trap-priv-protocol": "",
"trap-security-level": "auth",
"trap-username": "public",
"use-samecredential": "true",
"write-auth-password-encrypted": "",
"write-auth-protocol": "md5",
"write-priv-password-encrypted": "",
"write-priv-protocol": "",
"write-security-level": "auth",
"write-username": "public"
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
124
error!"
}
]
}
}
Deleting SNMP Device
REQUEST
DELETE
/api/v1/configuration/uac/snmpEnforcement/clients/client/ruckus/HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating SNMP Policy
REQUEST
POST /api/v1/configuration/uac/snmpEnforcement/snmpPolicies/policy
HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"apply-to-roles": "selected",
"description": "",
"location-group": "Guest Wired",
"name": "SNMP policy",
"roles": [
"Guest Wired Restricted"
],
"vlan": "65"
}
RESPONSE
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or
error!"
}
]
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
125
}
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
126
Deleting SNMP Policy
REQUEST
DELETE
/api/v1/configuration/uac/snmpEnforcement/snmpPolicies/policy/SNMP%20policy
HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating Device Group - TACACS+
REQUEST
POST /api/v1/configuration/uac/networkDeviceAdministration/groups/group/
HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"admin-realm": "Admin Users",
"description": "",
"name": "Device Group"
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
}
Deleting Device Group- TACACS+
REQUEST
DELETE
/api/v1/configuration/uac/networkDeviceAdministration/groups/group/Device%20Group
HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
127
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating TACACS+ Client
REQUEST
POST api/v1/configuration/uac/networkDeviceAdministration/clients/client
HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"description": "",
"deviceGroup": "Device Group",
"enable": "true",
"ipAddress": "10.204.88.244",
"ipAddressRange": "1",
"name": "TACACS client",
"shared-secret-encrypted":
"3u+UR6n8AgABAAAAofSnIBrU19vdwUslG5LG4cg1QH6CbXDSmY4ZW0x85HY="
}
RESPONSE
{
"result": {
"warnings": [
{
"message": "The configuration has been implicitly changed"
}
]
}
}
Deleting TACACS+ Client
REQUEST
DELETE
/api/v1/configuration/uac/networkDeviceAdministration/clients/client/TACACS
%20client HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
128
Creating Shell Policies
REQUEST
POST /api/v1/configuration/uac/networkDeviceAdministration/policies/policy
HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"apply-action": "deny",
"apply-groups": "all",
"apply-roles": "all",
"commandSets": {
"command-set": []
},
"defaultPrivilege": "1",
"description": "",
"groups": null,
"maxPrivilege": "1",
"name": "TACACS policy",
"roles": null
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
}
Deleting Shell Policies
REQUEST
DELETE
/api/v1/configuration/uac/networkDeviceAdministration/policies/policy/TACACS%20policy
HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
RESPONSE
{
"result": {
"warnings": [
{
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
129
"message": "The configuration has been implicitly changed"
}
]
}
}
Creating Admission Control Client
REQUEST
POST /api/v1/configuration/uac/admissionControl/clients/client HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"description": "",
"enable": "true",
"ipAddress": "10.204.88.12",
"name": "FORTINET",
"templateID": "fortigate-text.itmpl"
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
}
Deleting Admission Control Client
REQUEST
DELETE /api/v1/configuration/uac/admissionControl/clients/client/FORTINET HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Creating Admission Control Policy
REQUEST
POST /api/v1/configuration/uac/admissionControl/policies/policy/ HTTP/1.1
Host xx.xx.xx.xx
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
130
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"action": "ignore",
"apply": "selected",
"count": "1",
"event": "utm:ips",
"name": "policy1",
"replacementRole": null,
"replacementType": "Permanent",
"roles": null,
"severity": "critical",
"templateID": "fortigate-text.itmpl"
}
RESPONSE
{
"result": {
"info": [
{
"message": "Operation succeeded without warning or error!"
}
]
}
Deleting Admission Control Policy
REQUEST
DELETE /api/v1/configuration/uac/admissionControl/policies/policy/policy1 HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic
VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
RESPONSE
HTTP/1.1 204 NO CONTENT
Content-Length: 0
Content-Type: application/json
Profiler REST APIs
Approving Devices
REQUEST
PUT api/v1/profiler/endpoints/simplified/xx:xx:xx:xx:xx:xx HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"status": "approved"
}
RESPONSE
HTTP/1.1 200 OK
PCS/PPS and REST API Solutions Guide
© 2020 by Pulse Secure, LLC. All rights reserved
131
Content-Type: application/json
{
"Successfully updated.”
}
Updating Device Attributes
REQUEST
PUT api/v1/profiler/endpoints/simplified/xx:xx:xx:xx:xx:xx HTTP/1.1
Host xx.xx.xx.xx
Authorization: Basic VU9qSTlGTzNrYVk5d0t2aXpBN1dPZ0FyZlN1S3FmTkNnQUh0R0ZuR0xSbz06
Content-Type: application/json
{
"manufacturer": "Windows",
"os": "Windows"
}
RESPONSE
HTTP/1.1 200 OK
Content-Type: application/json
{
"Successfully updated.”
}
