Submits raw or archive files (e.g., ZIP) to Sandbox for analysis. You can submit up to 100 files per day and it supports all file types that are currently supported by Sandbox. To learn more, see About Sandbox. By default, files are scanned by Zscaler antivirus (AV) and submitted directly to the sandbox in order to obtain a verdict. However, if a verdict already exists for the file, you can use the 'force' parameter to make the sandbox to reanalyze it.
You must have a Sandbox policy rule configured within the ZIA Admin Portal in order to analyze files that aren't present in the default policy rule. Ensure that you have explicitly added Sandbox policy rules that include the appropriate file types within your request. If not, an 'Unknown' message is shown in the response.
To learn more, see Configuring the Sandbox Policy and Configuring the Default Sandbox Rule.
After files are sent for analysis, you must use GET /sandbox/report/{md5Hash} in order to retrieve the verdict. You can get the Sandbox report 10 minutes after a file is sent for analysis.
\n", "operationId": "submitFile", "parameters": [ { "name": "api_token", "in": "query", "description": "The Sandbox API token obtained from the ZIA Admin Portal to be used for authenticating the Sandbox Submission API. To learn more, see Managing Sandbox API Token.
", "required": true, "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "force", "in": "query", "description": "Submit file to sandbox even if found malicious during AV scan and a verdict already exists.
", "style": "form", "explode": true, "schema": { "allOf": [ { "$ref": "#/components/schemas/force" }, { "description": "Submit file to sandbox even if found malicious during AV scan and a verdict already exists.
" } ] } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SandboxSubmissionResponse" } } } } }, "deprecated": false } }, "/zscsb/discan": { "post": { "tags": [ "Sandbox Submission API" ], "summary": "submitFileForScan", "description": "Submits raw or archive files (e.g., ZIP) to the Zscaler service for out-of-band file inspection to generate real-time verdicts for known and unknown files. It leverages capabilities such as Malware Prevention, Advanced Threat Prevention, Sandbox cloud effect, AI/ML-driven file analysis, and integrated third-party threat intelligence feeds to inspect files and classify them as benign or malicious instantaneously.
All file types that are currently supported by the Malware Protection policy and Advanced Threat Protection policy are supported for inspection, and each file is limited to a size of 400 MB.
Note: Dynamic file analysis is not included in out-of-band file inspection.
", "operationId": "submitFileForScan", "parameters": [ { "name": "api_token", "in": "query", "description": "The Sandbox API token obtained from the ZIA Admin Portal to be used for authenticating the Sandbox Submission API. To learn more, see Managing Sandbox API Token.
", "required": true, "style": "form", "explode": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DIScanSubmissionResponse" } } } } }, "deprecated": false } }, "/apps/app": { "get": { "tags": [ "Applications" ], "summary": "getApp", "description": "https://api.apptotal.zscaler.com/v1/apps/appapp_id or url—for your search. If you use both an app ID and a URL for your search, an error is returned. 200 response is received and the app's information is returned. 202 response is received and the app is submitted for analysis in the AppTotal Sandbox. GET request is required to fetch the app's information. As a best practice, allow 24 hours for analysis and then resubmit the required GET request. 404 response is received.400 response is received.GET request is required to fetch the app's information.\n",
"operationId": "postApp",
"parameters": [],
"requestBody": {
"description": "The app identifier (e.g., OAuth client ID)",
"content": {
"application/json": {
"schema": {
"allOf": [
{
"$ref": "#/components/schemas/SimpleAppIdRequest"
},
{
"description": "The app identifier (e.g., OAuth client ID)"
}
]
}
}
},
"required": true
},
"responses": {
"200": {
"description": "Successful Operation",
"headers": {
"X-Rate-Limit-Remaining": {
"description": "The requests remaining until the quota limit is reached",
"content": {
"text/plain": {
"schema": {
"type": "integer",
"description": "The requests remaining until the quota limit is reached",
"format": "int32"
}
}
}
}
},
"content": {}
},
"400": {
"description": "Invalid Request Body",
"headers": {},
"content": {}
},
"401": {
"description": "Not Authenticated",
"headers": {},
"content": {}
},
"403": {
"description": "Access Forbidden",
"headers": {},
"content": {}
},
"409": {
"description": "Rate Limit Exceeded",
"headers": {
"Retry-After": {
"description": "The seconds remaining until the rate limit resets",
"content": {
"text/plain": {
"schema": {
"type": "integer",
"description": "The seconds remaining until the rate limit resets",
"format": "int32"
}
}
}
}
},
"content": {}
},
"500": {
"description": "Internal Server Error Occurred",
"headers": {},
"content": {}
}
},
"deprecated": false
}
},
"/apps/search": {
"get": {
"tags": [
"Applications"
],
"summary": "AppsSearch_GET",
"description": "https://api.apptotal.zscaler.com/v1/apps/search appName) is returned. id from GET /app_views/list to return the app IDs of the apps related to the custom view.",
"operationId": "getViewApps",
"parameters": [
{
"name": "appViewId",
"in": "path",
"description": "The custom view identifier",
"required": true,
"style": "simple",
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {
"X-Rate-Limit-Remaining": {
"description": "The requests remaining until the quota limit is reached",
"content": {
"text/plain": {
"schema": {
"type": "integer",
"description": "The requests remaining until the quota limit is reached",
"format": "int32"
}
}
}
}
},
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AppViewAppsResponse"
},
"description": ""
}
}
}
},
"400": {
"description": "Invalid Request Body",
"headers": {},
"content": {}
},
"401": {
"description": "Not Authenticated",
"headers": {},
"content": {}
},
"403": {
"description": "Access Forbidden",
"headers": {},
"content": {}
},
"409": {
"description": "Rate Limit Exceeded",
"headers": {
"Retry-After": {
"description": "The seconds remaining until the rate limit resets",
"content": {
"text/plain": {
"schema": {
"type": "integer",
"description": "The seconds remaining until the rate limit resets",
"format": "int32"
}
}
}
}
},
"content": {}
},
"500": {
"description": "Internal Server Error Occurred",
"headers": {},
"content": {}
}
},
"deprecated": false
}
},
"/adminRoles/lite": {
"get": {
"tags": [
"Admin & Role Management"
],
"summary": "getRoleSummary",
"description": "Gets a name and ID dictionary of all admin roles. The list only includes the name and ID for all admin roles. To learn more, see About Role Management.
\n", "operationId": "getRoleSummary", "parameters": [ { "name": "includeAuditorRole", "in": "query", "description": "Include or exclude auditor role information in the list.
", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "includePartnerRole", "in": "query", "description": "Include or exclude partner admin role information in the list.
", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "includeApiRole", "in": "query", "description": "Include or exclude API role information in the list.
", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminRole" } } } } }, "deprecated": false } }, "/adminUsers": { "get": { "tags": [ "Admin & Role Management" ], "summary": "getAdminUsers", "description": "Gets a list of admin users. By default, auditor user information is not included. To learn more, see About Administrators and About Auditors.
\n", "operationId": "getAdminUsers", "parameters": [ { "name": "includeAuditorUsers", "in": "query", "description": "Include or exclude auditor user information in the list.
", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "includeAdminUsers", "in": "query", "description": "Include or exclude admin user information in the list.
", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "search", "in": "query", "description": "The search string used to partially match against an admin/auditor user's Login ID or Name.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "page", "in": "query", "description": "Specifies the page offset.
", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "pageSize", "in": "query", "description": "Specifies the page size. The default size is 100, but the maximum size is 1000.
", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 100 } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminUser" } } } } }, "deprecated": false }, "post": { "tags": [ "Admin & Role Management" ], "summary": "addAdminUser", "description": "Creates an admin or auditor user. To learn more, see Adding Admins and Adding Auditors.
\n", "operationId": "addAdminUser", "parameters": [ { "name": "associateWithExistingAdmin", "in": "query", "description": "This field is set to true to update an admin user that already exists in other Zscaler services but does not exist in ZIA. For example, this field must be set to true when creating an admin user in ZIA who's already a user in Zscaler Digital Experience (ZDX). To learn more, see Adding ZIA Admins.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": false } } ], "requestBody": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminUser" } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminUser" } } } } }, "deprecated": false } }, "/adminUsers/{userId}": { "put": { "tags": [ "Admin & Role Management" ], "summary": "updateAdminUser", "description": "Updates admin or auditor user for the specified ID. You can only disable/enable the default admin account using this endpoint, all other updates within the request are ignored for this admin account.
\n", "operationId": "updateAdminUser", "parameters": [ { "name": "userId", "in": "path", "description": "The unique identifier for the admin/auditor user.
", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AdminUser" } } } } }, "deprecated": false }, "delete": { "tags": [ "Admin & Role Management" ], "summary": "deleteAdminUser", "description": "Deletes an admin or auditor user using the specified ID
Note: This request deletes an admin and removes them as a user from the ZIA Admin Portal. To delete the admin privileges for a user while retaining them as a regular user of your organization in the ZIA Admin Portal, use the POST /adminUsers/{userId}/convertToUser request.
import http.client
import json
conn = http.client.HTTPSConnection("HOSTNAME")
headers = {
'content-type': "application/json",
'cache-control': "no-cache",
'cookie': "JSESSIONID=xxxxxxx"
}
conn.request("DELETE", "/api/v1/adminUsers/6794036", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
204 No Content\n", "operationId": "deleteAdminUser", "parameters": [ { "name": "userId", "in": "path", "description": "
The unique identifier for the admin/auditor user.
", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "204": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/adminUsers/{userId}/convertToUser": { "post": { "tags": [ "Admin & Role Management" ], "summary": "convertAdminToEndUser", "description": "Removes admin privileges for a user while retaining them as a regular user of your organization in the ZIA Admin Portal. This can be used as an alternative to the DELETE /adminUsers/{userId} request, which deletes an admin and removes them as a user from the ZIA Admin Portal. To learn more, see Deleting ZIA Admins.
Before you can delete the admin privileges for a user, you need to obtain the admin user's ID and other information by using the GET /users request and then send the admin user details in the POST /adminUsers/{userId}/convertToUser request.
Gets a list of all the cloud browser isolation profiles in the Isolation Profile field for URL Filtering Policy and Cloud App Control Policy rules.
", "operationId": "getCloudBrowserIsolationProfiles", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/BrowserIsolationProfile" }, "description": "" } } } } }, "deprecated": false } }, "/dlpDictionaries": { "get": { "tags": [ "Data Loss Prevention" ], "summary": "getDlpDictionaries", "description": "Gets information on all custom and predefined DLP dictionaries.", "operationId": "getDlpDictionaries", "parameters": [ { "name": "search", "in": "query", "description": "The search string used to match against a DLP dictionary's name or description attributes.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DlpDictionaryDom" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Data Loss Prevention" ], "summary": "addCustomDLPDictionary", "description": "Adds a new custom DLP dictionary.", "operationId": "addCustomDLPDictionary", "parameters": [], "requestBody": { "description": "The information for a custom DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Adding Custom DLP Dictionaries.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/DlpDictionaryDom" }, { "description": "The information for a custom DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Adding Custom DLP Dictionaries." } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DlpDictionaryDom" } } } } }, "deprecated": false } }, "/dlpDictionaries/lite": { "get": { "tags": [ "Data Loss Prevention" ], "summary": "getDLPDictionarySummary", "description": "Gets a name and ID dictionary of all custom and predefined DLP dictionaries.", "operationId": "getDLPDictionarySummary", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DlpDictionaryDom" }, "description": "" } } } } }, "deprecated": false } }, "/dlpDictionaries/{dlpDictId}": { "get": { "tags": [ "Data Loss Prevention" ], "summary": "getDlpDictionaryById", "description": "Gets DLP dictionary information for the specified ID.", "operationId": "getDlpDictionaryById", "parameters": [ { "name": "dlpDictId", "in": "path", "description": "The unique identifier for the DLP dictionary.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DlpDictionaryDom" } } } } }, "deprecated": false }, "put": { "tags": [ "Data Loss Prevention" ], "summary": "updateDlpDictionary", "description": "Updates a custom or predefined DLP dictionary.", "operationId": "updateDlpDictionary", "parameters": [ { "name": "dlpDictId", "in": "path", "description": "The unique identifier for the DLP dictionary.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "The information for a custom or predefined DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Editing Predefined DLP Dictionaries, and Adding Custom DLP Dictionaries which provides more information regarding defining phrases and patterns, as well as EDM fields and IDM accuracy.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/DlpDictionaryDom" }, { "description": "The information for a custom or predefined DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Editing Predefined DLP Dictionaries, and Adding Custom DLP Dictionaries which provides more information regarding defining phrases and patterns, as well as EDM fields and IDM accuracy." } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DlpDictionaryDom" } } } } }, "deprecated": false }, "delete": { "tags": [ "Data Loss Prevention" ], "summary": "deleteCustomDlpDictionary", "description": "Deletes a custom DLP dictionary. You cannot delete predefined DLP dictionaries.", "operationId": "deleteCustomDlpDictionary", "parameters": [ { "name": "dlpDictId", "in": "path", "description": "The unique identifier for the DLP dictionary.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/dlpDictionaries/{dictId}/predefinedIdentifiers": { "get": { "tags": [ "Data Loss Prevention" ], "summary": "getPredefinedHierarchicalIdentifiersByDictionaryId", "description": "Retrieves the list of identifiers that are available for selection in the specified hierarchical DLP dictionary. This information can be obtained for predefined hierarchical dictionaries such as the Driver’s License (United States), Passport Number (European Union), and Credentials and Secrets dictionaries and their clones.
Each identifier represents a sub-dictionary that consists of specific patterns. The Driver’s License (United States) dictionary includes one sub-dictionary for each state in the United States and the District of Columbia. For example, the Driver's License (United States) dictionary includes one sub-dictionary for each state in the United States, and you can customize this dictionary to detect the driver's licenses issued by specific states (e.g., California, New York, and Texas) by selecting the respective sub-dictionary identifier.
To learn more about hierarchical dictionaries, see Understanding Predefined DLP Dictionaries.
", "operationId": "getPredefinedHierarchicalIdentifiersByDictionaryId", "parameters": [ { "name": "dictId", "in": "path", "description": "The ID of the hierarchical DLP dictionary", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/getPredefinedHierarchicalIdentifiersByDictionaryIdResponse" }, "description": "" } } } } }, "deprecated": false } }, "/dlpDictionaries/validateDlpPattern": { "post": { "tags": [ "Data Loss Prevention" ], "summary": "validateDlpPattern", "description": "Validates the pattern used by a Pattern and Phrases DLP dictionary type, and provides error information if the pattern is invalid. To learn more about how to define valid patterns for custom DLP dictionaries, see Defining Patterns for Custom DLP Dictionaries.
", "operationId": "validateDlpPattern", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SMMsgStatusInfo" } } } } }, "deprecated": false } }, "/dlpEngines": { "get": { "tags": [ "Data Loss Prevention" ], "summary": "getDLPEngines", "description": "Get a list of DLP engines.", "operationId": "getDLPEngines", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DlpEngineDom" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Data Loss Prevention" ], "summary": "addCustomDLPEngine", "description": "Adds a new custom DLP engine. A DLP engine is a collection of one or more DLP Dictionaries, combined using logical operators. DLP engines can be used in DLP policies to detect specific content in the users' traffic. The Zscaler service provides predefined DLP engines and supports custom DLP engines. To learn more, see About DLP Engines and Understanding DLP Engines.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Details of a custom DLP engine formed by combining DLP dictionaries using logical operators. To learn how to add custom DLP engines, see Adding Custom DLP Engines.
", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/DlpEngineDom" }, { "description": "Details of a custom DLP engine formed by combining DLP dictionaries using logical operators. To learn how to add custom DLP engines, see Adding Custom DLP Engines.
" } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DlpEngineDom" } } } } }, "deprecated": false } }, "/dlpEngines/lite": { "get": { "tags": [ "Data Loss Prevention" ], "summary": "getDLPEnginesSummary", "description": "Gets a name and ID dictionary for all DLP engines.", "operationId": "getDLPEnginesSummary", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DlpEngineDom" }, "description": "" } } } } }, "deprecated": false } }, "/dlpEngines/validateDlpExpr": { "post": { "tags": [ "Data Loss Prevention" ], "summary": "validateDlpPattern", "description": "Validates the logical expression within a DLP engine that is formed by combining DLP dictionaries and provides error information if the expression is invalid. To learn more about DLP engine expressions, see Understanding DLP Engines.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Logical expression within a DLP engine formed by combining DLP dictionaries using operators. This parameter requires the input in a certain format. For example, an expression combining ABA Bank Routing Numbers and Credit Cards dictionaries using an AND operator with zero match count each would be ((D63.S > 0) AND (D38.S > 0)), where 63 is the ID of the Credit Cards dictionary and 38 is the ID of the ABA Bank Routing Numbers dictionary. The dictionary ID is wrapped around by a prefix (D) and a suffix (.S).
Engine expression examples:
((D63.S > 1))((D63.S > 1) AND (D38.S > 0))((D63.S > 1) OR (D38.S > 0))(D63.S > 0) AND ( NOT ( (D61.S > 0) ) ) )(SUM(D63.S, D38.S) > 3)In the preceding examples, 63 represents the ID of the Credit Cards dictionary, 61 is the Financial Statements dictionary ID, and 38 is the ABA Bank Routing Numbers dictionary ID.
Note: Zscaler recommends validating DLP engine expressions by sending a POST request to /dlpEngines/validateDlpExpr before configuring a DLP engine.
Logical expression within a DLP engine formed by combining DLP dictionaries using operators. This parameter requires the input in a certain format. For example, an expression combining ABA Bank Routing Numbers and Credit Cards dictionaries using an AND operator with zero match count each would be ((D63.S > 0) AND (D38.S > 0)), where 63 is the ID of the Credit Cards dictionary and 38 is the ID of the ABA Bank Routing Numbers dictionary. The dictionary ID is wrapped around by a prefix (D) and a suffix (.S).
Engine expression examples:
((D63.S > 1))((D63.S > 1) AND (D38.S > 0))((D63.S > 1) OR (D38.S > 0))(D63.S > 0) AND ( NOT ( (D61.S > 0) ) ) )(SUM(D63.S, D38.S) > 3)In the preceding examples, 63 represents the ID of the Credit Cards dictionary, 61 is the Financial Statements dictionary ID, and 38 is the ABA Bank Routing Numbers dictionary ID.
Note: Zscaler recommends validating DLP engine expressions by sending a POST request to /dlpEngines/validateDlpExpr before configuring a DLP engine.
Updates DLP engine information for the specified ID. To learn more, see About DLP Engines and Editing Predefined DLP Engines.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Deletes the custom DLP engine with the specified ID.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Gets the status of the request to generate an event log report. Following a request to generate a report via the POST /eventlogEntryReport endpoint, you can call GET /eventlogEntryReport to check the current status of report generation. If the status is COMPLETE, you can send a GET request to /eventlogEntryReport/download to download the report as a CSV file.
Creates an event log report for the specified time period and saves it as a CSV file. The report includes event log information for every call made to the ZIA API during the specified time period. Creating a new event log report overwrites the previously-generated report.
", "operationId": "startEventReportEntryCsvExport", "parameters": [], "requestBody": { "description": "Event log report request, which includes the following information:
Event log report request, which includes the following information:
Cancels the request to generate an event log report.
", "operationId": "cancelEventReportEntryCsvExport", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/eventlogEntryReport/download": { "get": { "tags": [ "Event Logs" ], "summary": "getEventReportEntryCsvData", "description": "Downloads the most recently generated event log report. Calling this endpoint downloads the file only if the report generation status is COMPLETE. Use the GET /eventlogEntryReport endpoint to verify the status before calling this endpoint for downloading the file.
Gets all rules in the Firewall Filtering policy.
\n", "operationId": "getFirewallFilteringRules", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/FirewallFilteringRule" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Firewall Policies" ], "summary": "createFirewallFilteringRule", "description": "Adds a new Firewall Filtering policy rule.", "operationId": "createFirewallFilteringRule", "parameters": [], "requestBody": { "description": "The Firewall Filtering policy rule information.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/FirewallFilteringRule" }, { "description": "The Firewall Filtering policy rule information." } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FirewallFilteringRule" } } } } }, "deprecated": false } }, "/firewallFilteringRules/{ruleId}": { "get": { "tags": [ "Firewall Policies" ], "summary": "getFirewallFilteringRule", "description": "Gets the Firewall Filtering policy rule information for the specified ID.
\n", "operationId": "getFirewallFilteringRule", "parameters": [ { "name": "ruleId", "in": "path", "description": "The unique identifier for the policy rule.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FirewallFilteringRule" } } } } }, "deprecated": false }, "put": { "tags": [ "Firewall Policies" ], "summary": "updateFirewallFilteringRule", "description": "Updates Firewall Filtering policy rule information for the specified ID.", "operationId": "updateFirewallFilteringRule", "parameters": [ { "name": "ruleId", "in": "path", "description": "The unique identifier for the policy rule.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "The Firewall Filtering policy rule information.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/FirewallFilteringRule" }, { "description": "The Firewall Filtering policy rule information." } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FirewallFilteringRule" } } } } }, "deprecated": false }, "delete": { "tags": [ "Firewall Policies" ], "summary": "deleteFirewallFilteringRule", "description": "Deletes a Firewall Filtering policy rule for the specified ID.", "operationId": "deleteFirewallFilteringRule", "parameters": [ { "name": "ruleId", "in": "path", "description": "The unique identifier for the policy rule.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/ipDestinationGroups": { "get": { "tags": [ "Firewall Policies" ], "summary": "getDestinationIpGroups", "description": "Gets a list of all IP destination groups.
Note: This endpoint retrieves only IPv4 destination address groups. Organizations that have enabled IPv6 can use GET /ipSourceGroups/ipv6SourceGroups to retrieve IPv6 destination address groups.
Adds a new IP Destination group.
Note: This endpoint can only add an IPv4 destination address group. User-defined groups for IPv6 addresses are currently not supported.
", "operationId": "addDestinationIpGroup", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DestinationIpGroup" } } } } }, "deprecated": false } }, "/ipDestinationGroups/ipv6DestinationGroups": { "get": { "tags": [ "Firewall Policies" ], "summary": "getDestinationIpv6Groups", "description": "Gets the list of destination IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
", "operationId": "getDestinationIpv6Groups", "parameters": [ { "name": "excludeType", "in": "query", "description": "Specifies a destination group type to exclude the corresponding groups from the list.
", "style": "form", "explode": true, "schema": { "allOf": [ { "$ref": "#/components/schemas/excludeType" }, { "description": "Specifies a destination group type to exclude the corresponding groups from the list.
" } ] } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DestinationIpGroup" }, "description": "" } } } } }, "deprecated": false } }, "/ipDestinationGroups/ipv6DestinationGroups/lite": { "get": { "tags": [ "Firewall Policies" ], "summary": "getDestinationIpv6GroupsLite", "description": "Gets a name and ID dictionary for destination IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
", "operationId": "getDestinationIpv6GroupsLite", "parameters": [ { "name": "type", "in": "query", "description": "Filters the list based on the destination group type.", "style": "form", "explode": true, "schema": { "type": "array", "items": { "$ref": "#/components/schemas/type10" } } }, { "name": "excludeType", "in": "query", "description": "Specifies a destination group type to exclude the corresponding groups from the list type.
", "style": "form", "explode": true, "schema": { "allOf": [ { "$ref": "#/components/schemas/excludeType" }, { "description": "Specifies a destination group type to exclude the corresponding groups from the list type.
" } ] } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "" } } } } }, "deprecated": false } }, "/ipDestinationGroups/lite": { "get": { "tags": [ "Firewall Policies" ], "summary": "getDestinationIpGroupsLite", "description": "Gets a name and ID dictionary of all IP destination groups.
Note: This endpoint retrieves only IPv4 destination address groups. Organizations that have enabled IPv6 can use GET /ipDestinationGroups/ipv6DestinationGroups/lite to retrieve IPv6 destination address groups.
Gets the IP destination group information for the specified ID.
", "operationId": "getDestinationIpGroupById", "parameters": [ { "name": "ipGroupId", "in": "path", "description": "The unique identifier for the IP destination group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DestinationIpGroup2" } } } } }, "deprecated": false }, "put": { "tags": [ "Firewall Policies" ], "summary": "editDestinationIpGroup", "description": "Updates the IP destination group information for the specified ID.
Note: Only user-defined IP groups can be updated.
", "operationId": "editDestinationIpGroup", "parameters": [ { "name": "ipGroupId", "in": "path", "description": "The unique identifier for the IP destination group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DestinationIpGroup" } } } } }, "deprecated": false }, "delete": { "tags": [ "Firewall Policies" ], "summary": "deleteDestinationIpGroup", "description": "Deletes the IP destination group for the specified ID.
Note: Only user-defined IP groups can be deleted.
", "operationId": "deleteDestinationIpGroup", "parameters": [ { "name": "ipGroupId", "in": "path", "description": "", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/ipSourceGroups": { "get": { "tags": [ "Firewall Policies" ], "summary": "getSourceIpGroups", "description": "Gets a list of all IP source groups. The search parameters find matching values within the name or description attributes.
Note: This endpoint retrieves only IPv4 source address groups. Organizations that have enabled IPv6 can use GET /ipSourceGroups/ipv6SourceGroups to retrieve IPv6 source address groups.
Adds a new IP source group.
Note: This endpoint can only add an IPv4 source address group. User-defined groups for IPv6 addresses are currently not supported.
", "operationId": "addSourceIpGroup", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IpGroup" } } } } }, "deprecated": false } }, "/ipSourceGroups/ipv6SourceGroups": { "get": { "tags": [ "Firewall Policies" ], "summary": "getSourceIpv6Groups", "description": "Gets the list of source IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
", "operationId": "getSourceIpv6Groups", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IpGroup" }, "description": "" } } } } }, "deprecated": false } }, "/ipSourceGroups/ipv6SourceGroups/lite": { "get": { "tags": [ "Firewall Policies" ], "summary": "getSourceIpv6GroupsLite", "description": "Gets a name and ID dictionary for source IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
", "operationId": "getSourceIpv6GroupsLite", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IpGroup" }, "description": "" } } } } }, "deprecated": false } }, "/ipSourceGroups/lite": { "get": { "tags": [ "Firewall Policies" ], "summary": "getSourceIpGroupsLite", "description": "Gets a name and ID dictionary of all IP source groups.
Note: This endpoint retrieves only IPv4 source address groups. Organizations that have enabled IPv6 can use GET /ipSourceGroups/ipv6SourceGroups/lite to retrieve IPv6 source address groups.
Gets the IP source group information for the specified ID.
\n", "operationId": "getSourceIpGroupById", "parameters": [ { "name": "ipGroupId", "in": "path", "description": "The unique identifier for the IP source group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IpGroup" } } } } }, "deprecated": false }, "put": { "tags": [ "Firewall Policies" ], "summary": "editSourceIpGroup", "description": "Updates the IP source group information for the specified ID.
Note: Only user-defined IP groups can be updated.
", "operationId": "editSourceIpGroup", "parameters": [ { "name": "ipGroupId", "in": "path", "description": "The unique identifier for the IP source group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IpGroup" } } } } }, "deprecated": false }, "delete": { "tags": [ "Firewall Policies" ], "summary": "deleteSourceIpGroup", "description": "Deletes the IP source group for the specified ID.
Note: Only user-defined IP groups can be deleted.
", "operationId": "deleteSourceIpGroup", "parameters": [ { "name": "ipGroupId", "in": "path", "description": "The unique identifier for the IP source group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/networkApplicationGroups": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetowrkApplicationGroups", "description": "Gets a list of all network application groups. The search parameters find matching values within the name or description attributes.
The search string used to match against a group's name or description attributes.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NetworkApplicationGroup" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Firewall Policies" ], "summary": "createNetworkApplicationGroup", "description": "Creates a new custom network application group.", "operationId": "createNetworkApplicationGroup", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkApplicationGroup" } } } } }, "deprecated": false } }, "/networkApplicationGroups/lite": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetowrkApplicationGroupsLite", "description": "Gets a name and ID dictionary of all network application groups.
\n", "operationId": "getNetowrkApplicationGroupsLite", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NetworkApplicationGroup" }, "description": "" } } } } }, "deprecated": false } }, "/networkApplicationGroups/{groupId}": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkApplicationGroupById", "description": "Gets the network application group information for the specified ID.
\n", "operationId": "getNetworkApplicationGroupById", "parameters": [ { "name": "groupId", "in": "path", "description": "The unique identifier for the network application group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkApplicationGroup" } } } } }, "deprecated": false }, "put": { "tags": [ "Firewall Policies" ], "summary": "updateNetworkApplicationGroup", "description": "Updates the customer network application group for the specified ID.", "operationId": "updateNetworkApplicationGroup", "parameters": [ { "name": "groupId", "in": "path", "description": "The unique identifier for the network application group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkApplicationGroup" } } } } }, "deprecated": false }, "delete": { "tags": [ "Firewall Policies" ], "summary": "deleteNetworkApplicationGroup", "description": "Deletes the custom network application group for the specified ID.", "operationId": "deleteNetworkApplicationGroup", "parameters": [ { "name": "groupId", "in": "path", "description": "The unique identifier for the network application group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/networkApplications": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkApplications", "description": "Gets a list of all predefined network applications. The search parameters find matching values within the description attribute.
The search string used to match against a network application's description attribute.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "locale", "in": "query", "description": "When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network application's description is localized into the requested language.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NetworkApplicationDom" }, "description": "" } } } } }, "deprecated": false } }, "/networkApplications/{appId}": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkApplicationById", "description": "Gets the network application information for the specified ID.
\n", "operationId": "getNetworkApplicationById", "parameters": [ { "name": "appId", "in": "path", "description": "The unique identifier for the network application.", "required": true, "style": "simple", "schema": { "allOf": [ { "$ref": "#/components/schemas/appId" }, { "description": "The unique identifier for the network application." } ] } }, { "name": "locale", "in": "query", "description": "When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network application's description is localized into the requested language.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkApplicationDom" } } } } }, "deprecated": false } }, "/networkServiceGroups": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkServiceGroups", "description": "Gets a list of all network service groups. The search parameters find matching values within the name or description attributes.
The search string used to match against a group's name or description attributes.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NetworkServiceGroup" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Firewall Policies" ], "summary": "addCustomNetworkServiceGroup", "description": "Adds a new network service group.", "operationId": "addCustomNetworkServiceGroup", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkServiceGroup" } } } } }, "deprecated": false } }, "/networkServiceGroups/lite": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkServiceGroupsLite", "description": "Gets a name and ID dictionary of all network service groups.
\n", "operationId": "getNetworkServiceGroupsLite", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NetworkServiceGroup" }, "description": "" } } } } }, "deprecated": false } }, "/networkServiceGroups/{serviceGroupId}": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkServiceGroupById", "description": "Gets the network service group information for the specified ID.
\n", "operationId": "getNetworkServiceGroupById", "parameters": [ { "name": "serviceGroupId", "in": "path", "description": "The unique identifier for the network service group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkServiceGroup" } } } } }, "deprecated": false }, "put": { "tags": [ "Firewall Policies" ], "summary": "editNetworkServiceGroup", "description": "Updates the network service group information for the specified ID.", "operationId": "editNetworkServiceGroup", "parameters": [ { "name": "serviceGroupId", "in": "path", "description": "The unique identifier for the network service group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkServiceGroup" } } } } }, "deprecated": false }, "delete": { "tags": [ "Firewall Policies" ], "summary": "deleteCustomNetowrkServiceGroup", "description": "Deletes the network service group for the specified ID.", "operationId": "deleteCustomNetowrkServiceGroup", "parameters": [ { "name": "serviceGroupId", "in": "path", "description": "The unique identifier for the network service group.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/networkServices": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkServices", "description": "Gets a list of all network services. The search parameters find matching values within the name or description attributes.
The search string used to match against a service's name or description attributes.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "protocol", "in": "query", "description": "Filter based on the network service protocol.", "style": "form", "explode": true, "schema": { "allOf": [ { "$ref": "#/components/schemas/protocol2" }, { "description": "Filter based on the network service protocol." } ] } }, { "name": "locale", "in": "query", "description": "When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network service's description is localized into the requested language.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NetworkService" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Firewall Policies" ], "summary": "addCustomNetworkService", "description": "Adds a new network service.", "operationId": "addCustomNetworkService", "parameters": [], "requestBody": { "description": "The network service information.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/NetworkService" }, { "description": "The network service information." } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkService" } } } } }, "deprecated": false } }, "/networkServices/lite": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkServicesLite", "description": "Gets a name and ID dictionary of all network services.
\n", "operationId": "getNetworkServicesLite", "parameters": [ { "name": "locale", "in": "query", "description": "", "style": "form", "explode": true, "schema": { "type": "string", "default": "en_US" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NetworkService" }, "description": "" } } } } }, "deprecated": false } }, "/networkServices/{serviceId}": { "get": { "tags": [ "Firewall Policies" ], "summary": "getNetworkServiceById", "description": "Gets the network service for the specified ID.
\n", "operationId": "getNetworkServiceById", "parameters": [ { "name": "serviceId", "in": "path", "description": "The unique identifier for the network service.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "locale", "in": "query", "description": "When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network service's description is localized into the requested language.
", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkService" } } } } }, "deprecated": false }, "put": { "tags": [ "Firewall Policies" ], "summary": "editNetworkService", "description": "Updates the network service information for the specified ID.", "operationId": "editNetworkService", "parameters": [ { "name": "serviceId", "in": "path", "description": "The unique identifier for the network service.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NetworkService" } } } } }, "deprecated": false }, "delete": { "tags": [ "Firewall Policies" ], "summary": "deleteCustomNetworkService", "description": "Deletes the network service for the specified ID.", "operationId": "deleteCustomNetworkService", "parameters": [ { "name": "serviceId", "in": "path", "description": "The unique identifier for the network service.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/timeWindows": { "get": { "tags": [ "Firewall Policies", "URL Filtering Policies" ], "summary": "getTimeWindows", "description": "Gets a list of time intervals used for by the Firewall policy or the URL Filtering policy.
\n", "operationId": "getTimeWindows", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/TimeWindow" }, "description": "" } } } } }, "deprecated": false } }, "/timeWindows/lite": { "get": { "tags": [ "Firewall Policies", "URL Filtering Policies" ], "summary": "getTimeWindowSummary", "description": "Gets a name and ID dictionary of time intervals used by the Firewall policy or the URL Filtering policy.
\n", "operationId": "getTimeWindowSummary", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/TimeWindow" }, "description": "" } } } } }, "deprecated": false } }, "/forwardingRules": { "get": { "tags": [ "Forwarding Control Policy" ], "summary": "getForwardingRules", "description": "Gets the list of forwarding rules configured in the ZIA Admin Portal. To learn about forwarding control, see About Forwarding Control.", "operationId": "getForwardingRules", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/ForwardingRule" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Forwarding Control Policy" ], "summary": "createForwardingRule", "description": "Adds a new forwarding rule. To learn more, see Configuring Forwarding Policy.", "operationId": "createForwardingRule", "parameters": [], "requestBody": { "description": "Forwarding rule information", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/ForwardingRule" }, { "description": "Forwarding rule information" } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForwardingRule" } } } } }, "deprecated": false } }, "/forwardingRules/{ruleId}": { "get": { "tags": [ "Forwarding Control Policy" ], "summary": "getForwardingRule", "description": "Gets information for a forwarding rule using the specified ID", "operationId": "getForwardingRule", "parameters": [ { "name": "ruleId", "in": "path", "description": "The ID of the forwarding rule", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForwardingRule" } } } } }, "deprecated": false }, "put": { "tags": [ "Forwarding Control Policy" ], "summary": "updateForwardingRule", "description": "Updates information for a forwarding rule using the specified ID", "operationId": "updateForwardingRule", "parameters": [ { "name": "ruleId", "in": "path", "description": "The ID of the forwarding rule", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "Forwarding rule infomration", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/ForwardingRule" }, { "description": "Forwarding rule infomration" } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ForwardingRule" } } } } }, "deprecated": false }, "delete": { "tags": [ "Forwarding Control Policy" ], "summary": "deleteForwardingRule", "description": "Deletes a forwarding rule using the specified ID", "operationId": "deleteForwardingRule", "parameters": [ { "name": "ruleId", "in": "path", "description": "The ID of the forwarding rule", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/zpaGateways": { "get": { "tags": [ "Forwarding Control Policy" ], "summary": "getZpaGateways", "description": "Gets the list of Zscaler Private Access (ZPA) gateways configured in the ZIA Admin Portal. To learn about ZPA gateways, see About Zscaler Private Access Gateway.", "operationId": "getZpaGateways", "parameters": [ { "name": "search", "in": "query", "description": "The search string used to match against a ZPA gateway name or an associated Server Group name", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "appSegment", "in": "query", "description": "Filters the list by Application Segment", "style": "form", "explode": true, "schema": { "type": "array", "items": { "type": "string" } } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/ZpaGateway" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Forwarding Control Policy" ], "summary": "addZpaGateway", "description": "Adds a new custom ZPA gateway. The ZPA gateway can be used in a forwarding control policy to forward traffic to ZPA for Source IP Anchoring. To learn more, see Configuring ZPA Gateway.", "operationId": "addZpaGateway", "parameters": [], "requestBody": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ZpaGateway" } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ZpaGateway" } } } } }, "deprecated": false } }, "/zpaGateways/{gatewayId}": { "get": { "tags": [ "Forwarding Control Policy" ], "summary": "getZpaGatewayById", "description": "Gets information for a ZPA gateway using the specified ID", "operationId": "getZpaGatewayById", "parameters": [ { "name": "gatewayId", "in": "path", "description": "The ID of the ZPA gateway", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ZpaGateway" } } } } }, "deprecated": false }, "put": { "tags": [ "Forwarding Control Policy" ], "summary": "editZpaGateway", "description": "Updates information for a ZPA gateway using the specified ID", "operationId": "editZpaGateway", "parameters": [ { "name": "gatewayId", "in": "path", "description": "The ID of the ZPA gateway", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "ZPA gateway information", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/ZpaGateway" }, { "description": "ZPA gateway information" } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ZpaGateway" } } } } }, "deprecated": false }, "delete": { "tags": [ "Forwarding Control Policy" ], "summary": "deleteZpaGateway", "description": "Deletes a ZPA gateway using the specified ID", "operationId": "deleteZpaGateway", "parameters": [ { "name": "gatewayId", "in": "path", "description": "The ID of the ZPA gateway", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/intermediateCaCertificate": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "getIntermediateCaCertificates", "description": "Gets the list of intermediate CA certificates added for SSL inspection.
", "operationId": "getIntermediateCaCertificates", "parameters": [ { "name": "page", "in": "query", "description": "Specifies the page offset.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "pageSize", "in": "query", "description": "Specifies the page size.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 100 } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IntermediateCaCertificate" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "addIntermediateCaCertificate", "description": "Adds a custom intermediate CA certificate that can be used for SSL inspection. Custom intermediate certificates can be added with software protection or cloud HSM based on your subscriptions. In cloud HSM protection, your certificate private keys are stored in a cloud hardware security module (HSM) located in a region of your choice.
With cloud HSM protection subscription, you can add up to eight custom intermediate certificates using either cloud HSM or software protection and only four certificates can be active at a time. With software protection subscription, you can add up to 2 intermediate certificates and only one certificate can be active at a time.
To learn more, see Configuring Cloud HSM Protection Intermediate CA Certificate and Configuring Software Protection Intermediate CA Certificate.
", "operationId": "addIntermediateCaCertificate", "parameters": [], "requestBody": { "description": "Intermediate CA certificate information.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/IntermediateCaCertificate" }, { "description": "Intermediate CA certificate information." } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntermediateCaCertificate" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/downloadAttestation/{certId}": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "downloadAttestationStmt", "description": "Downloads the attestation bundle produced by the HSM solution for the specified intermediate CA certificate ID. The attestation bundle can be used to verify the HSM key attributes and the validity of the certificate.
", "operationId": "downloadAttestationStmt", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/intermediateCaCertificate/downloadCsr/{certId}": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "downloadCSR", "description": "Downloads a Certificate Signing Request (CSR) for the specified ID. To perform this operation, a CSR must have already been generated.
", "operationId": "downloadCSR", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/intermediateCaCertificate/downloadPublicKey/{certId}": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "downloadHsmPublicKey", "description": "Downloads the public key in the HSM key pair for the intermediate CA certificate with the specified ID. To perform this operation, a HSM key pair must have already been generated.
", "operationId": "downloadHsmPublicKey", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/intermediateCaCertificate/finalizeCert/{certId}": { "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "finalizeCert", "description": "Finalizes the intermediate CA certificate with the specified ID.
", "operationId": "finalizeCert", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/intermediateCaCertificate/generateCsr/{certId}": { "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "generateCsr", "description": "Generates a Certificate Signing Request (CSR) for the custom intermediate CA certificate with the specified ID. You can send the generated CSR to your Certificate Authority (CA) to sign as a subordinate CA certificate or intermediate CA certificate. The subordinate CA can be an intermediate or an issuing CA.
", "operationId": "generateCsr", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "Certificate Signing Request (CSR) information.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/CertSigningRequest" }, { "description": "Certificate Signing Request (CSR) information." } ] } } }, "required": true }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertCSR" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/keyPair/{certId}": { "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "generateHsmKeyPair", "description": "Generates a HSM key pair for the custom intermediate CA certificate with the specified ID.
", "operationId": "generateHsmKeyPair", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/HsmKey" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/lite": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "getIntermediateCaCertificatesLite", "description": "Gets the list of intermediate CA certificates added for SSL inspection.
", "operationId": "getIntermediateCaCertificatesLite", "parameters": [ { "name": "page", "in": "query", "description": "Specifies the page offset.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "pageSize", "in": "query", "description": "Specifies the page size.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 100 } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IntermediateCaCertificate" }, "description": "" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/lite/{certId}": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "getIntermediateCaCertificateLite", "description": "Gets information about the intermediate CA certificate with the specified ID.
", "operationId": "getIntermediateCaCertificateLite", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntermediateCaCertificate" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/makeDefault/{certId}": { "put": { "tags": [ "Intermediate CA Certificates" ], "summary": "makeDefaultCertificate", "description": "Updates the intermediate CA certificate information for the specified ID to mark it as the default intermediate certificate. Only one intermediate certificate can be marked as the default certificate at a time.
", "operationId": "makeDefaultCertificate", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntermediateCaCertificate" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/readyToUse": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "getCertificatesInReadyToUseState", "description": "Gets the list of intermediate CA certificates that are ready to use for SSL inspection.
", "operationId": "getCertificatesInReadyToUseState", "parameters": [ { "name": "page", "in": "query", "description": "Specifies the page offset.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "pageSize", "in": "query", "description": "Specifies the page size.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 100 } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IntermediateCaCertificate" }, "description": "" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/showCert/{certId}": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "showCert", "description": "Shows information about the signed intermediate CA certificate with the specified ID.
", "operationId": "showCert", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertSigningRequest" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/showCsr/{certId}": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "showCsr", "description": "Shows information about the Certificate Signing Request (CSR) for the specified ID.
", "operationId": "showCsr", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CertSigningRequest" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/uploadCert/{certId}": { "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "uploadCert", "description": "Uploads a custom intermediate CA certificate signed by your Certificate Authority (CA) for SSL inspection. To enable users' browsers to trust this new intermediate certificate and any certificate signed by it, install this certificate on users' browsers. If you also want to upload a certificate chain, upload the signed intermediate certificate before uploading the certificate chain.
", "operationId": "uploadCert", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "Uploads the signed intermediate CA certificate.", "content": { "text/plain": { "schema": { "type": "object", "description": "Uploads the signed intermediate CA certificate." } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/intermediateCaCertificate/uploadCertChain/{certId}": { "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "uploadCertChain", "description": "Uploads the intermediate certificate chain (PEM file). Upload the certificate chain that includes any other intermediate certificates that complete the chain to the intermediate root certificate you want to upload.
When you upload a certificate chain, the Zscaler service sends the intermediate certificate along with this key chain and the signed server certificate to your users’ machines during SSL inspection. If you do not upload the certificate chain, the Zscaler service sends only your organization’s intermediate root certificate and its signed server certificate to your users' machines.
", "operationId": "uploadCertChain", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "Uploads the intermediate certificate chain (PEM).", "content": { "text/plain": { "schema": { "type": "object", "description": "Uploads the intermediate certificate chain (PEM)." } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/intermediateCaCertificate/verifyKeyAttestation/{certId}": { "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "verifyKeyAttestation", "description": "Verifies the attestation for the HSM keys generated for the specified ID.
", "operationId": "verifyKeyAttestation", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/HsmKeyAttestation" } } } } }, "deprecated": false } }, "/intermediateCaCertificate/{certId}": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "getIntermediateCaCertificate", "description": "Gets intermediate CA certificate information for the specified ID.
", "operationId": "getIntermediateCaCertificate", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntermediateCaCertificate" } } } } }, "deprecated": false }, "put": { "tags": [ "Intermediate CA Certificates" ], "summary": "updateIntermediateCaCertificate", "description": "Updates intermediate CA certificate information for the specified ID.
", "operationId": "updateIntermediateCaCertificate", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } } ], "requestBody": { "description": "Intermediate CA certificate information.", "content": { "application/json": { "schema": { "allOf": [ { "$ref": "#/components/schemas/IntermediateCaCertificate" }, { "description": "Intermediate CA certificate information." } ] } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IntermediateCaCertificate" } } } } }, "deprecated": false }, "delete": { "tags": [ "Intermediate CA Certificates" ], "summary": "deleteIntermediateCaCertificate", "description": "Deletes the intermediate CA certificate with the specified ID. The default intermediate certificate cannot be deleted.
", "operationId": "deleteIntermediateCaCertificate", "parameters": [ { "name": "certId", "in": "path", "description": "The unique identifier for the intermediate CA certificate.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/sslSettings/exemptedUrls": { "get": { "tags": [ "Intermediate CA Certificates" ], "summary": "getSslExemptedUrls", "description": "Gets a list of URLs that were exempted from SSL Inpection and policy evaluation.
", "operationId": "getSslExemptedUrls", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Urls" } } } } }, "deprecated": true }, "post": { "tags": [ "Intermediate CA Certificates" ], "summary": "updateSslExemptedUrls", "description": "Adds URLs to the exempted from SSL Inspection and policy evaluation list or removes URLs from the list. To add a URL to the list, set the action parameter to ADD_TO_LIST. To remove a URL, set action to REMOVE_FROM_LIST.
Retrieve the mapping between device type universally unique identifier (UUID) values and the device type names for all the device types supported by the Zscaler AI/ML.
", "operationId": "getDeviceTypes", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "successful operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IotItemInfo" }, "description": "" } } } } }, "deprecated": false } }, "/iotDiscovery/categories": { "get": { "tags": [ "IoT Report" ], "summary": "getCategories", "description": "Retrieve the mapping between the device category universally unique identifier (UUID) values and the category names for all the device categories supported by the Zscaler AI/ML. The parent of device category is device type.
", "operationId": "getCategories", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "successful operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IotItemInfo" }, "description": "" } } } } }, "deprecated": false } }, "/iotDiscovery/classifications": { "get": { "tags": [ "IoT Report" ], "summary": "getClassifications", "description": "Retrieve the mapping between the device classification universally unique identifier (UUID) values and the classification names for all the device classifications supported by Zscaler AI/ML. The parent of device classification is device category.
", "operationId": "getClassifications", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "successful operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IotItemInfo" }, "description": "" } } } } }, "deprecated": false } }, "/iotDiscovery/deviceList": { "get": { "tags": [ "IoT Report" ], "summary": "getDeviceList", "description": "Retrieve a list of discovered devices with the following key contexts, IP address, location, ML auto-label, classification, category, and type.
", "operationId": "getDeviceList", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "successful operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IotDeviceInfo" } } } } }, "deprecated": false } }, "/locations/{locationId}/sublocations": { "get": { "tags": [ "Location Management" ], "summary": "getSubLocations", "description": "Gets the sub-location information for the location with the specified ID. These are the sublocations associated to the parent location.
", "operationId": "getSubLocations", "parameters": [ { "name": "locationId", "in": "path", "description": "The unique identifier for the location. The sub-location information given is based on the parent location's ID.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "search", "in": "query", "description": "The search string used to partially match against a sub-location's name and port attributes.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "sslScanEnabled", "in": "query", "description": "This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Filter based on whether the Enable SSL Scanning setting is enabled or disabled for a sub-location.
", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "xffEnabled", "in": "query", "description": "Filter based on whether the Enforce XFF Forwarding setting is enabled or disabled for a sub-location.", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "authRequired", "in": "query", "description": "Filter based on whether the Enforce Authentication setting is enabled or disabled for a sub-location.", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "bwEnforced", "in": "query", "description": "Filter based on whether Bandwith Control is being enforced for a sub-location.", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "enforceAup", "in": "query", "description": "Filter based on whether Enforce AUP setting is enabled or disabled for a sub-location.", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "enableFirewall", "in": "query", "description": "Filter based on whether Enable Firewall setting is enabled or disabled for a sub-location.", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "enableIOT", "in": "query", "description": "If set to true, the city field (containing IoT-enabled location IDs, names, latitudes, and longitudes) and the iotDiscoveryEnabled filter are included in the response. Otherwise, they are not included.
", "style": "form", "explode": true, "schema": { "type": "boolean" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/Location" }, "description": "" } } } } }, "deprecated": false } }, "/locations/groups": { "get": { "tags": [ "Location Management" ], "summary": "getLocationGroups", "description": "Gets information on location groups. To learn more, see About Location Groups.
", "operationId": "getLocationGroups", "parameters": [ { "name": "version", "in": "query", "description": "The version parameter is for Zscaler internal use only. The version is used by the service for backup operations.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 0 } }, { "name": "name", "in": "query", "description": "The location group's name.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "groupType", "in": "query", "description": "The location group's type (i.e., Static or Dynamic).", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "comments", "in": "query", "description": "Additional comments or information about the location group.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "locationId", "in": "query", "description": "The unique identifier for a location within a location group.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32" } }, { "name": "lastModUser", "in": "query", "description": "The admin who modified the location group last.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "page", "in": "query", "description": "Specifies the page offset.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "pageSize", "in": "query", "description": "Specifies the page size. The default size is 100, but the maximum size is 1000.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 100 } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/LocationGroup" }, "description": "" } } } } }, "deprecated": false } }, "/locations/groups/count": { "get": { "tags": [ "Location Management" ], "summary": "getGroupsCount", "description": "Gets the list of location groups for your organization.", "operationId": "getGroupsCount", "parameters": [ { "name": "lastModUser", "in": "query", "description": "The admin who modified the location group last.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "version", "in": "query", "description": "The version parameter is for Zscaler internal use only. The version is used by the service for backup operations.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 0 } }, { "name": "name", "in": "query", "description": "The location group's name.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "groupType", "in": "query", "description": "The location group's type (i.e., Static or Dynamic).", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "comments", "in": "query", "description": "Additional comments or information about the location group.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "locationId", "in": "query", "description": "The unique identifier for a location within a location group.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "integer", "format": "int32" } } } } }, "deprecated": false } }, "/locations/groups/lite": { "get": { "tags": [ "Location Management" ], "summary": "getGroupsSummary", "description": "Gets the name and ID dictionary of location groups.", "operationId": "getGroupsSummary", "parameters": [ { "name": "page", "in": "query", "description": "Specifies the page offset.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "pageSize", "in": "query", "description": "Specifies the page size. The default size is 100, but the maximum size is 1000.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 100 } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/LocationGroup" } } } } }, "deprecated": false } }, "/locations/groups/lite/{id}": { "get": { "tags": [ "Location Management" ], "summary": "getGroupSummary", "description": "Gets the name and ID dictionary for the specified location group ID. The response only providesid, name, and deleted information. ",
"operationId": "getGroupSummary",
"parameters": [
{
"name": "id",
"in": "path",
"description": "The unique identifier for the location group.",
"required": true,
"style": "simple",
"schema": {
"type": "integer",
"format": "int32"
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/LocationGroup"
}
}
}
}
},
"deprecated": false
}
},
"/locations/groups/{id}": {
"get": {
"tags": [
"Location Management"
],
"summary": "getGroupById",
"description": "Gets the location group for the specified ID.",
"operationId": "getGroupById",
"parameters": [
{
"name": "id",
"in": "path",
"description": "The unique identifier for the location group.",
"required": true,
"style": "simple",
"schema": {
"type": "integer",
"format": "int32"
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/LocationGroup"
}
}
}
}
},
"deprecated": false
}
},
"/ruleLabels": {
"get": {
"tags": [
"Rule Labels"
],
"summary": "getRuleLabels",
"description": "Gets a list of rule labels. To learn more, see About Rule Labels.",
"operationId": "getRuleLabels",
"parameters": [
{
"name": "page",
"in": "query",
"description": "Specifies the page offset.",
"style": "form",
"explode": true,
"schema": {
"type": "integer",
"format": "int32",
"default": 1
}
},
{
"name": "pageSize",
"in": "query",
"description": "Specifies the page size. The default size is 100, but the maximum size is 1000.",
"style": "form",
"explode": true,
"schema": {
"type": "integer",
"format": "int32",
"default": 250
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RuleLabel"
},
"description": ""
}
}
}
}
},
"deprecated": false
},
"post": {
"tags": [
"Rule Labels"
],
"summary": "addRuleLabel",
"description": "Adds a rule label.",
"operationId": "addRuleLabel",
"parameters": [
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RuleLabel"
}
}
}
}
},
"deprecated": false
}
},
"/ruleLabels/{ruleLabelId}": {
"get": {
"tags": [
"Rule Labels"
],
"summary": "getRuleLabelById",
"description": "Gets rule label information for the specified ID.",
"operationId": "getRuleLabelById",
"parameters": [
{
"name": "ruleLabelId",
"in": "path",
"description": "The unique identifier for the rule label.",
"required": true,
"style": "simple",
"schema": {
"type": "integer",
"format": "int32"
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RuleLabel"
}
}
}
}
},
"deprecated": false
},
"put": {
"tags": [
"Rule Labels"
],
"summary": "updateRuleLabel",
"description": "Updates rule label information for the specified ID.",
"operationId": "updateRuleLabel",
"parameters": [
{
"name": "ruleLabelId",
"in": "path",
"description": "The unique identifier for the rule label.",
"required": true,
"style": "simple",
"schema": {
"type": "integer",
"format": "int32"
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RuleLabel"
}
}
}
}
},
"deprecated": false
},
"delete": {
"tags": [
"Rule Labels"
],
"summary": "deleteRuleLabel",
"description": "Deletes the rule label for the specified ID.",
"operationId": "deleteRuleLabel",
"parameters": [
{
"name": "ruleLabelId",
"in": "path",
"description": "The unique identifier for the rule label.",
"required": true,
"style": "simple",
"schema": {
"type": "integer",
"format": "int32"
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"default": {
"description": "Successful Operation",
"headers": {},
"content": {}
}
},
"deprecated": false
}
},
"/behavioralAnalysisAdvancedSettings": {
"get": {
"tags": [
"Sandbox Settings"
],
"summary": "getCustomFileHash",
"description": "Gets the custom list of MD5 file hashes that are blocked by Sandbox
", "operationId": "getCustomFileHash", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BaAdvancedSettings" } } } } }, "deprecated": false }, "put": { "tags": [ "Sandbox Settings" ], "summary": "updateCustomFileHash", "description": "Updates the custom list of MD5 file hashes that are blocked by Sandbox. This overwrites a previously generated blocklist. If you need to completely erase the blocklist, submit an empty list.
Note: Only the file types that are supported by Sandbox analysis can be blocked using MD5 hashes.
", "operationId": "updateCustomFileHash", "parameters": [], "requestBody": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BaAdvancedSettings" } } }, "required": false }, "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BaAdvancedSettings" } } } } }, "deprecated": false } }, "/behavioralAnalysisAdvancedSettings/fileHashCount": { "get": { "tags": [ "Sandbox Settings" ], "summary": "getCustomFileHashQuota", "description": "Gets the used and unused quota for blocking MD5 file hashes with Sandbox
", "operationId": "getCustomFileHashQuota", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CustomFileHashQuota" } } } } }, "deprecated": false } }, "/cloudApplications/bulkUpdate": { "put": { "tags": [ "Shadow IT Report" ], "summary": "bulkUpdateCloudApplication", "description": "Updates application status and tag information for predefined or custom cloud applications based on the IDs specified", "operationId": "bulkUpdateCloudApplication", "parameters": [], "requestBody": { "description": "", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CloudApplication" } } }, "required": true }, "responses": { "default": { "description": "Successful Operation", "headers": {}, "content": {} } }, "deprecated": false } }, "/cloudApplications/lite": { "get": { "tags": [ "Shadow IT Report" ], "summary": "getCloudApplicationsLite", "description": "Gets the list of predefined and custom cloud applications", "operationId": "getCloudApplicationsLite", "parameters": [ { "name": "pageNumber", "in": "query", "description": "Specifies the page number. The numbering starts at 0.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 0 } }, { "name": "limit", "in": "query", "description": "Specifies the maximum number of cloud applications that must be retrieved in a page", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1000 } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/NamedItem" }, "description": "" } } } } }, "deprecated": false } }, "/customTags": { "get": { "tags": [ "Shadow IT Report" ], "summary": "getAllCustomTags", "description": "Gets the list of custom tags available to assign to cloud applications", "operationId": "getAllCustomTags", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/CustomTag" }, "description": "" } } } } }, "deprecated": false } }, "/shadowIT/applications/export": { "post": { "tags": [ "Shadow IT Report" ], "summary": "getReportDataApplicationsExport", "description": "Export the Shadow IT Report (in CSV format) for the cloud applications recognized by Zscaler based on their usage in your organization. This report lists cloud applications along with a number of parameters including the sanction status for each application, the risk index assigned for the application, application usage details, application hosting information, and application security-related information, such as SSL certificate validity, data encryption (in transit), security certifications, published CVE, involvement in data breaches, etc.
You can generate this report for specific applications by using the application parameter. If no value is specified for this parameter, the report is generated for all cloud applications. You can customize the report by using various filters to show only the cloud applications that match specific parameters. To learn more, see About Shadow IT Report.
", "operationId": "getReportDataApplicationsExport", "parameters": [], "requestBody": { "description": "Information used to generate the Shadow IT Report for the cloud applications recognized by Zscaler based on their usage in your organization. The list of fields is as follows:
Note: The duration parameter is required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
ANY, NONE, WEB_MAIL, SOCIAL_NETWORKING, STREAMING, P2P, INSTANT_MESSAGING, WEB_SEARCH, GENERAL_BROWSING, ADMINISTRATION, ENTERPRISE_COLLABORATION, BUSINESS_PRODUCTIVITY, SALES_AND_MARKETING, SYSTEM_AND_DEVELOPMENT, CONSUMER, FILE_SHARE, HOSTING_PROVIDER, IT_SERVICES, DNS_OVER_HTTPS, HUMAN_RESOURCES, LEGAL, HEALTH_CARE, FINANCE, and CUSTOM_CAPP.1, 2, 3, 4, and 5.UN_SANCTIONED, SANCTIONED, and ANY.NONE, RANGE_1_100, RANGE_100_1000, RANGE_1000_10000, and RANGE_10000_INF.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, CSA_STAR, ISO_27001, HIPAA, FISMA, FEDRAMP, SOC2, ISO_27018, PCI_DSS, ISO_27017, SOC1, SOC3, GDPR, CCPA, FERPA, COPPA, HITECH, EU_US_SWISS_PRIVACY_SHIELD, EU_US_PRIVACY_SHIELD_FRAMEWORK, CISP, AICPA, FIPS, SAFE_BIOPHARMA, ISAE_3000, SSAE_18, NIST, ISO_14001, SOC, TRUSTE, ISO_26262, ISO_20252, RGPD, ISO_20243, ISO_10002, JIS_Q_15001_2017, and ISMAP.
YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, UN_KNOWN, BITS_2048, BITS_256, BITS_3072, BITS_384, BITS_4096, and BITS_1024.
Information used to generate the Shadow IT Report for the cloud applications recognized by Zscaler based on their usage in your organization. The list of fields is as follows:
Note: The duration parameter is required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
ANY, NONE, WEB_MAIL, SOCIAL_NETWORKING, STREAMING, P2P, INSTANT_MESSAGING, WEB_SEARCH, GENERAL_BROWSING, ADMINISTRATION, ENTERPRISE_COLLABORATION, BUSINESS_PRODUCTIVITY, SALES_AND_MARKETING, SYSTEM_AND_DEVELOPMENT, CONSUMER, FILE_SHARE, HOSTING_PROVIDER, IT_SERVICES, DNS_OVER_HTTPS, HUMAN_RESOURCES, LEGAL, HEALTH_CARE, FINANCE, and CUSTOM_CAPP.1, 2, 3, 4, and 5.UN_SANCTIONED, SANCTIONED, and ANY.NONE, RANGE_1_100, RANGE_100_1000, RANGE_1000_10000, and RANGE_10000_INF.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, CSA_STAR, ISO_27001, HIPAA, FISMA, FEDRAMP, SOC2, ISO_27018, PCI_DSS, ISO_27017, SOC1, SOC3, GDPR, CCPA, FERPA, COPPA, HITECH, EU_US_SWISS_PRIVACY_SHIELD, EU_US_PRIVACY_SHIELD_FRAMEWORK, CISP, AICPA, FIPS, SAFE_BIOPHARMA, ISAE_3000, SSAE_18, NIST, ISO_14001, SOC, TRUSTE, ISO_26262, ISO_20252, RGPD, ISO_20243, ISO_10002, JIS_Q_15001_2017, and ISMAP.
YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, UN_KNOWN, BITS_2048, BITS_256, BITS_3072, BITS_384, BITS_4096, and BITS_1024.
Export the Shadow IT Report (in CSV format) for the list of users or known locations identified with using the cloud applications specified in the request. This report includes information about each user who has interacted with the application or the known location from where the application is accessed, application category, application usage details, the number of transactions made, last accessed time, etc.
You can customize the report per your requirements by using various filters. To learn more, see About Application Information.
", "operationId": "getReportTransactionsExport", "parameters": [ { "name": "entity", "in": "path", "description": "Indicates whether the Shadow IT Report must be generated to retrieve the list of users who have interacted with a cloud application or the known locations where the cloud application is accessed
", "required": true, "style": "simple", "schema": { "allOf": [ { "$ref": "#/components/schemas/entity" }, { "description": "Indicates whether the Shadow IT Report must be generated to retrieve the list of users who have interacted with a cloud application or the known locations where the cloud application is accessed
" } ] } } ], "requestBody": { "description": "Information used to generate the Shadow IT Report for the list of users that have interacted with a specific cloud application or the known locations where the cloud application is accessed. The list of fields is as follows:
Note: The duration and application parameters are required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.application: (Required) The cloud application for which user or location data must be retrieved.
Note: Only one cloud application can be specified at a time in this field.
Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
Information used to generate the Shadow IT Report for the list of users that have interacted with a specific cloud application or the known locations where the cloud application is accessed. The list of fields is as follows:
Note: The duration and application parameters are required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.application: (Required) The cloud application for which user or location data must be retrieved.
Note: Only one cloud application can be specified at a time in this field.
Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
Adds a GRE tunnel configuration.
Note: Specifying withinCountryOnly or subcloud parameter is mandatory if this endpoint uses a virtual IP address (VIP) retrieved by passing either of these parameters in GET /vips/recommendedList.
Gets the IPv6 configuration details for the organization. For information about IPv6 support, see Understanding IPv6 Support.
", "operationId": "getIPv6Configuration", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/IPv6Configuration" } } } } }, "deprecated": false } }, "/ipv6config/dns64prefix": { "get": { "tags": [ "Traffic Forwarding" ], "summary": "getDns64Prefixes", "description": "Gets the list of NAT64 prefixes configured as the DNS64 prefix for the organization. To learn more, see About the DNS64 Prefix.",
"operationId": "getDns64Prefixes",
"parameters": [
{
"name": "search",
"in": "query",
"description": "The search string used to match against a DNS64 prefix’s name, description, or prefixMask attributes.",
"style": "form",
"explode": true,
"schema": {
"type": "string"
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/IPv6PrefixMask"
},
"description": ""
}
}
}
}
},
"deprecated": false
}
},
"/ipv6config/nat64prefix": {
"get": {
"tags": [
"Traffic Forwarding"
],
"summary": "getNat64Prefixes",
"description": "
Gets the list of NAT64 prefixes configured for the organization. The prefix which has the dnsPrefix field set to true is identified as the DNS64 prefix. To learn more, see About NAT64 Prefixes.
name, description, or prefixMask attributes.",
"style": "form",
"explode": true,
"schema": {
"type": "string"
}
},
{
"name": "page",
"in": "query",
"description": "Specifies the page offset.",
"style": "form",
"explode": true,
"schema": {
"type": "integer",
"format": "int32",
"default": 1
}
},
{
"name": "pageSize",
"in": "query",
"description": "Specifies the page size. The default size is 100 and the maximum size is 1000.",
"style": "form",
"explode": true,
"schema": {
"type": "integer",
"format": "int32",
"default": 500
}
},
{
"name": "Content-Type",
"in": "header",
"description": "",
"required": true,
"style": "simple",
"schema": {
"enum": [
"application/json"
],
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Successful Operation",
"headers": {},
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/IPv6PrefixMask"
},
"description": ""
}
}
}
}
},
"deprecated": false
}
},
"/orgProvisioning/ipGreTunnelInfo": {
"get": {
"tags": [
"Traffic Forwarding"
],
"summary": "getIPGWDetails",
"description": "Gets a list of IP addresses with GRE tunnel details.
", "operationId": "getIPGWDetails", "parameters": [ { "name": "ipAddresses", "in": "query", "description": "Filter based on an IP address range.", "style": "form", "explode": true, "schema": { "type": "array", "items": { "type": "string" } } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/IpDetails" }, "description": "" } } } } }, "deprecated": false } }, "/region/byGeoCoordinates": { "get": { "tags": [ "Traffic Forwarding" ], "summary": "getRegionByGeoCoordinates", "description": "Retrieves the geographical data of the region or city that is located in the specified latitude and longitude coordinates. The geographical data includes the city name, state, country, geographical ID of the city and state, etc.
", "operationId": "getRegionByGeoCoordinates", "parameters": [ { "name": "latitude", "in": "query", "description": "The latitude coordinate of the city or region", "required": true, "style": "form", "explode": true, "schema": { "type": "number", "format": "double" } }, { "name": "longitude", "in": "query", "description": "The longitude coordinate of the city or region", "required": true, "style": "form", "explode": true, "schema": { "type": "number", "format": "double" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RegionInfo" } } } } }, "deprecated": false } }, "/region/byIPAddress/{ip}": { "get": { "tags": [ "Traffic Forwarding" ], "summary": "getRegionBySrcIPAddress", "description": "Retrieves information about the geo-location of the specified IP address, including the city, state, and country of location, geographical ID of the city and state, postal code, etc.
", "operationId": "getRegionBySrcIPAddress", "parameters": [ { "name": "ip", "in": "path", "description": "The IP address for which you want to retrieve the geo-location and other geographical data.", "required": true, "style": "simple", "schema": { "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RegionInfo" } } } } }, "deprecated": false } }, "/region/search": { "get": { "tags": [ "Traffic Forwarding" ], "summary": "getRegionsByPrefix", "description": "Retrieves the list of cities (along with their geographical data) that match the prefix search. The geographical data includes the latitude and longitude coordinates of the city, geographical ID of the city and state, country, postal code, etc.
", "operationId": "getRegionsByPrefix", "parameters": [ { "name": "prefix", "in": "query", "description": "The string used in the prefix search of the city or region. The prefix can contain names of city, state, country in the following format: city name, state name, country name. A phrase for city name is mandatory, whereas the state and country names can be optionally provided to narrow down the search results.
Gets a paginated list of the virtual IP addresses (VIPs) available in the Zscaler cloud, including region and data center information. By default, the request gets all public VIPs in the cloud, but you can also include private or all VIPs in the request, if necessary.
\n", "operationId": "getZscalerNodesDetails", "parameters": [ { "name": "dc", "in": "query", "description": "Filter based on data center.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "region", "in": "query", "description": "Filter based on region.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "page", "in": "query", "description": "Specifies the page offset.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "pageSize", "in": "query", "description": "Specifies the page size. The default size is 100, but the maximum size is 1000.", "style": "form", "explode": true, "schema": { "type": "integer", "format": "int64", "default": 100 } }, { "name": "include", "in": "query", "description": "Include all, private, or public VIPs in the list.", "style": "form", "explode": true, "schema": { "allOf": [ { "$ref": "#/components/schemas/include" }, { "description": "Include all, private, or public VIPs in the list." } ] } }, { "name": "subcloud", "in": "query", "description": "Filter based on the subcloud for the VIP. To learn more see, About Subcloud.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/PublicNode" }, "description": "" } } } } }, "deprecated": false } }, "/vips/groupByDatacenter": { "get": { "tags": [ "Traffic Forwarding" ], "summary": "getRecommendedVipsGroupedByDC", "description": "Gets a list of recommended GRE tunnel virtual IP addresses (VIPs), grouped by data center, based on source IP address or latitude/longitude coordinates.", "operationId": "getRecommendedVipsGroupedByDC", "parameters": [ { "name": "routableIP", "in": "query", "description": "The routable IP address.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "withinCountryOnly", "in": "query", "description": "Search within country only.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": false } }, { "name": "includePrivateServiceEdge", "in": "query", "description": "Include ZIA Private Service Edge VIPs.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "includeCurrentVips", "in": "query", "description": "Include currently assigned VIPs.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "sourceIp", "in": "query", "description": "The source IP address.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "latitude", "in": "query", "description": "The latitude coordinate of the GRE tunnel source.", "style": "form", "explode": true, "schema": { "type": "number", "format": "double" } }, { "name": "longitude", "in": "query", "description": "The longitude coordinate of the GRE tunnel source.", "style": "form", "explode": true, "schema": { "type": "number", "format": "double" } }, { "name": "subcloud", "in": "query", "description": "The subcloud for the VIP. To learn more see, About Subcloud.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/DatacenterVips" }, "description": "" } } } } }, "deprecated": false } }, "/vips/recommendedList": { "get": { "tags": [ "Traffic Forwarding" ], "summary": "getRecommendedGreVips", "description": "Gets a list of recommended GRE tunnel virtual IP addresses (VIPs), based on source IP address or latitude/longitude coordinates.", "operationId": "getRecommendedGreVips", "parameters": [ { "name": "routableIP", "in": "query", "description": "The routable IP address.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "withinCountryOnly", "in": "query", "description": "Search within country only.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": false } }, { "name": "includePrivateServiceEdge", "in": "query", "description": "Include ZIA Private Service Edge VIPs.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "includeCurrentVips", "in": "query", "description": "Include currently assigned VIPs.", "style": "form", "explode": true, "schema": { "type": "boolean", "default": true } }, { "name": "sourceIp", "in": "query", "description": "The source IP address.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "latitude", "in": "query", "description": "The latitude coordinate of the GRE tunnel source.", "style": "form", "explode": true, "schema": { "type": "number", "format": "double" } }, { "name": "longitude", "in": "query", "description": "The longitude coordinate of the GRE tunnel source.", "style": "form", "explode": true, "schema": { "type": "number", "format": "double" } }, { "name": "subcloud", "in": "query", "description": "The subcloud for the VIP. To learn more see, About Subcloud.", "style": "form", "explode": true, "schema": { "type": "string" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/GreVirtualIp" }, "description": "" } } } } }, "deprecated": false } }, "/urlFilteringRules": { "get": { "tags": [ "URL Filtering Policies" ], "summary": "getRules", "description": "Gets a list of all of URL Filtering Policy rules.
", "operationId": "getRules", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UrlFilteringRule" }, "description": "" } } } } }, "deprecated": false }, "post": { "tags": [ "URL Filtering Policies" ], "summary": "addRule", "description": "Adds a URL Filtering Policy rule.
If you are using the Admin Rank feature, refer to About Admin Rank to determine which value to provide for rank when adding a policy rule. If you are not using Admin Rank, the rank value must be 7.
Gets the URL Filtering Policy rule for the specified ID.
", "operationId": "getRuleById", "parameters": [ { "name": "ruleId", "in": "path", "description": "The unique identifier for the URL Filtering Policy rule.", "required": true, "style": "simple", "schema": { "type": "integer", "format": "int32" } }, { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UrlFilteringRule" } } } } }, "deprecated": false }, "put": { "tags": [ "URL Filtering Policies" ], "summary": "updateRule", "description": "Updates the URL Filtering Policy rule for the specified ID.
If you are using the Admin Rank feature, refer to About Admin Rank to determine which value to provide for rank when adding a policy rule. If you are not using Admin Rank, the rank value must be 7.
Gets a list of URLs that were exempted from cookie authentication. To learn more, see URL Format Guidelines.
", "operationId": "getAuthExemptedUrls", "parameters": [ { "name": "Content-Type", "in": "header", "description": "", "required": true, "style": "simple", "schema": { "enum": [ "application/json" ], "type": "string" } } ], "responses": { "200": { "description": "Successful Operation", "headers": {}, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Urls" } } } } }, "deprecated": false }, "post": { "tags": [ "User Authentication Settings" ], "summary": "updateAuthExemptedUrls", "description": "Adds a URL to or removes a URL from the cookie authentication exempt list. To add a URL to the list, set the action parameter to ADD_TO_LIST. To remove a URL, set action to REMOVE_FROM_LIST.
The admin role specifies an admin's level of access to the Zscaler Admin Portal.
" }, "AdminUser": { "title": "AdminUser", "required": [ "loginName", "userName", "email" ], "type": "object", "properties": { "id": { "type": "integer", "description": "Admin or auditor's user ID.", "format": "int32" }, "loginName": { "type": "string", "description": "Admin or auditor's login name. loginName is in email format and uses the domain name associated to the Zscaler account.
" }, "userName": { "type": "string", "description": "Admin or auditor's username." }, "email": { "type": "string", "description": "Admin or auditor's email address." }, "role": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "Role of the admin. This is not required for an auditor." } ] }, "comments": { "type": "string", "description": "Additional information about the admin or auditor." }, "adminScope": { "allOf": [ { "$ref": "#/components/schemas/AdminScope" }, { "description": "The admin's scope. A scope is required for admins, but not applicable to auditors. This attribute is subject to change." } ] }, "isNonEditable": { "type": "boolean", "description": "Indicates whether or not the admin can be edited or deleted.", "default": false }, "disabled": { "type": "boolean", "description": "Indicates whether or not the admin account is disabled." }, "isAuditor": { "type": "boolean", "description": "Indicates whether the user is an auditor. This attribute is subject to change.", "default": false }, "password": { "type": "string", "description": "The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response.\"" }, "isPasswordLoginAllowed": { "type": "boolean", "description": "The default is true when SAML Authentication is disabled. When SAML Authentication is enabled, this can be set to false in order to force the admin to login via SSO only.", "default": false }, "isSecurityReportCommEnabled": { "type": "boolean", "description": "Communication for Security Report is enabled.", "default": false }, "isServiceUpdateCommEnabled": { "type": "boolean", "description": "Communication setting for Service Update.", "default": false }, "isProductUpdateCommEnabled": { "type": "boolean", "description": "Communication setting for Product Update.", "default": false }, "isPasswordExpired": { "type": "boolean", "description": "Indicates whether or not an admin's password has expired.", "default": false }, "isExecMobileAppEnabled": { "type": "boolean", "description": "Indicates whether or not Executive Insights App access is enabled for the admin.", "default": false }, "execMobileAppTokens": { "type": "array", "items": { "$ref": "#/components/schemas/MobileAppTokenInfo" }, "description": "Read-only information about a Executive Insights App token, if it exists." } }, "description": "Admin and auditor information." }, "User": { "title": "User", "required": [ "name", "email", "groups", "department", "password" ], "type": "object", "properties": { "id": { "type": "integer", "description": "User ID", "format": "int32", "readOnly": true }, "name": { "type": "string", "description": "User name. This appears when choosing users for policies.
Note: The name field allows values containing UTF-8 characters up to a maximum of 127 characters.
" }, "email": { "type": "string", "description": "User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
Note: The email field allows values of alphanumeric characters and certain special characters up to a maximum of 127 characters. The use of the @ symbol is mandatory. This field corresponds to the User ID (also referred to as Login ID) field in the UI. However, the data validation in the UI uses different constraints.
zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities."
},
"extensions": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Additional information about the entity"
}
},
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
},
"AdminScope": {
"title": "AdminScope",
"type": "object",
"properties": {
"scopeGroupMemberEntities": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Only applicable for the LOCATION_GROUP admin scope type, in which case this attribute gives the list of ID/name pairs of locations within the location group. The attribute name is subject to change."
},
"Type": {
"allOf": [
{
"$ref": "#/components/schemas/Type"
},
{
"description": "The admin scope type. The attribute name is subject to change."
}
]
},
"ScopeEntities": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Based on the admin scope type, the entities can be the ID/name pair of departments, locations, or location groups. The attribute name is subject to change."
}
},
"description": "An admin's scope can be limited to certain resources, policies, or reports. An admin's scope can be limited by LOCATION, LOCATION GROUP, or DEPARTMENT. If this is not specified, then the admin has an ORGANIZATION scope by default."
},
"MobileAppTokenInfo": {
"title": "MobileAppTokenInfo",
"type": "object",
"properties": {
"cloud": {
"type": "string"
},
"orgId": {
"type": "integer",
"format": "int32"
},
"name": {
"type": "string"
},
"tokenId": {
"type": "string"
},
"token": {
"type": "string"
},
"tokenExpiry": {
"type": "integer",
"format": "int64"
},
"createTime": {
"type": "integer",
"format": "int64"
},
"deviceId": {
"type": "string"
},
"deviceName": {
"type": "string"
}
},
"description": "Executive Insights App device token information."
},
"Group": {
"title": "Group",
"required": [
"id",
"name"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique identfier for the group",
"format": "int32"
},
"name": {
"type": "string",
"description": "Group name"
},
"idpId": {
"type": "integer",
"description": "Unique identfier for the identity provider (IdP)",
"format": "int64"
},
"comments": {
"type": "string",
"description": "Additional information about the group"
}
}
},
"Department": {
"title": "Department",
"required": [
"id",
"name"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Department ID",
"format": "int32"
},
"name": {
"type": "string",
"description": "Department name"
},
"idpId": {
"type": "integer",
"description": "Identity provider (IdP) ID",
"format": "int64"
},
"comments": {
"type": "string",
"description": "Additional information about this department"
},
"deleted": {
"type": "boolean",
"default": false
}
}
},
"BrowserIsolationProfile": {
"title": "BrowserIsolationProfile",
"type": "object",
"properties": {
"id": {
"type": "string",
"description": "The universally unique identifier (UUID) for the browser isolation profile
" }, "name": { "type": "string", "description": "Name of the browser isolation profile
" }, "url": { "type": "string", "description": "The browser isolation profile URL
" }, "defaultProfile": { "type": "boolean", "description": "(Optional) Indicates whether this is a default browser isolation profile. Zscaler sets this field.
" } }, "description": "Information about browser isolation profile. To learn more, see What Is Isolation? and Creating Isolation Profiles for ZIA.
" }, "DlpDictionaryDom": { "title": "DlpDictionaryDom", "type": "object", "properties": { "id": { "type": "integer", "description": "Unique identifier for the DLP dictionary", "format": "int32", "readOnly": true }, "name": { "type": "string", "description": "The DLP dictionary's name" }, "description": { "type": "string", "description": "The description of the DLP dictionary" }, "confidenceThreshold": { "allOf": [ { "$ref": "#/components/schemas/ConfidenceThreshold" }, { "description": "The DLP confidence threshold" } ] }, "predefinedCountActionType": { "allOf": [ { "$ref": "#/components/schemas/PredefinedCountActionType" }, { "description": "This field specifies whether duplicate matches of a phrase from a dictionary must be counted individually toward the match count or ignored, thereby maintaining a single count for multiple occurrences.
Note: This field is currently applicable only to the predefined Names dictionaries, such as Names (US), Names (Canada), and Names (Spain).
" } ] }, "dictionaryCloningEnabled": { "type": "boolean", "description": "A Boolean constant that indicates that the cloning option is supported for the DLP dictionary using the true value. This field is applicable only to predefined DLP dictionaries.
", "readOnly": true }, "proximityEnabledForCustomDictionary": { "type": "boolean", "description": "A Boolean constant that indicates if proximity length is enabled or disabled for a custom DLP dictionary. A true value indicates that proximity length is enabled, whereas a false value indicates that it is disabled.
Note: This field is applicable only for specific custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option. For predefined DLP dictionaries, this field value is always set to false.
" }, "phrases": { "type": "array", "items": { "$ref": "#/components/schemas/DictionaryPhraseActionString" }, "description": "List containing the phrases used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries." }, "customPhraseMatchType": { "allOf": [ { "$ref": "#/components/schemas/CustomPhraseMatchType" }, { "description": "The DLP custom phrase match type" } ] }, "customPhraseSupported": { "type": "boolean", "description": "A Boolean constant that indicates that custom phrases are supported for the DLP dictionary using the true value. This field is applicable only to predefined DLP dictionaries with a high confidence score threshold.
", "readOnly": true }, "patterns": { "type": "array", "items": { "$ref": "#/components/schemas/DictionaryPatternActionString" }, "description": "List containing the patterns used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries" }, "nameL10nTag": { "type": "boolean", "description": "Indicates whether the name is localized or not. This is always set to True for predefined DLP dictionaries.", "readOnly": true }, "thresholdType": { "allOf": [ { "$ref": "#/components/schemas/ThresholdType" }, { "description": "DLP threshold type" } ], "readOnly": true }, "dictionaryType": { "allOf": [ { "$ref": "#/components/schemas/DictionaryType" }, { "description": "The DLP dictionary type." } ] }, "exactDataMatchDetails": { "type": "array", "items": { "$ref": "#/components/schemas/ExactDataMatchDetail" }, "description": "Exact Data Match (EDM) related information for custom DLP dictionaries." }, "hierarchicalDictionary": { "type": "boolean", "description": "A true value indicates that the DLP dictionary is of hierarchical type that includes sub-dictionaries. A false value indicates that the dictionary is not hierarchical.", "readOnly": true }, "hierarchicalIdentifiers": { "type": "array", "items": { "$ref": "#/components/schemas/HierarchicalIdentifier" }, "description": "The list of identifiers selected within a DLP dictionary of hierarchical type. Each identifier represents a sub-dictionary that consists of specific patterns. To retrieve the list of identifiers that are available for selection within a specific hierarchical dictionary, send a GET request to /dlpDictionaries/{dictId}/predefinedIdentifiers.
To learn about hierarchical dictionaries, see Configuring the URL Filtering Policy.
Note: This field is applicable to predefined hierarchical dictionaries, such as the Driver’s License (United States), Passport Number (European Union), and Credentials and Secrets dictionaries or their clones.
" }, "idmProfileMatchAccuracy": { "type": "array", "items": { "$ref": "#/components/schemas/IdmProfileMatchAccuracyDetail" }, "description": "List of Indexed Document Match (IDM) profiles and their corresponding match accuracy for custom DLP dictionaries." }, "ignoreExactMatchIdmDict": { "type": "boolean", "description": "Indicates whether to exclude documents that are a 100% match to already-indexed documents from triggering an Indexed Document Match (IDM) Dictionary." }, "includeBinNumbers": { "type": "boolean", "description": "A true value denotes that the specified Bank Identification Number (BIN) values are included in the Credit Cards dictionary. A false value denotes that the specified BIN values are excluded from the Credit Cards dictionary.
Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.
" }, "binNumbers": { "type": "array", "items": { "type": "integer", "format": "int32" }, "description": "The list of Bank Identification Number (BIN) values that are included or excluded from the Credit Cards dictionary. BIN values can be specified only for Diners Club, Mastercard, RuPay, and Visa cards. Up to 512 BIN values can be configured in a dictionary.
Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.
" }, "dictTemplateId": { "type": "integer", "description": "ID of the predefined dictionary (original source dictionary) that is used for cloning. This field is applicable only to cloned dictionaries. Only a limited set of identification-based predefined dictionaries (e.g., Credit Cards, Social Security Numbers, National Identification Numbers, etc.) can be cloned. Up to 4 clones can be created from a predefined dictionary.
", "format": "int32" }, "predefinedClone": { "type": "boolean", "description": "This field is set to true if the dictionary is cloned from a predefined dictionary. Otherwise, it is set to false.
", "readOnly": true }, "proximity": { "type": "integer", "description": "The DLP dictionary proximity length that defines how close a high confidence phrase must be to an instance of the pattern (that the dictionary detects) to count as a match.
Note: Proximity length is supported only for specific predefined DLP dictionaries with a high confidence score threshold and custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option.
", "format": "int32" }, "custom": { "type": "boolean", "description": "This value is set to true for custom DLP dictionaries.", "readOnly": true }, "proximityLengthEnabled": { "type": "boolean", "description": "A Boolean constant that indicates whether the proximity length option is supported for a DLP dictionary or not. A true value indicates that the proximity length option is supported, whereas a false value indicates that it is not supported.
Note: Proximity length is supported only for specific predefined DLP dictionaries with a high confidence score threshold and custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option.
", "readOnly": true } }, "description": "A DLP dictionary contains a set of patented algorithms that are designed to detect specific kinds of information in user traffic. For a list of and information on all predefined dictionaries, see About DLP Dictionaries.
You can modify predefined DLP dictionaries or create custom dictionaries for content that is not properly covered by them. For example, using the cloud service API, you can create custom DLP dictionaries that trigger based on specific patterns and phrases. To learn more, see Adding Custom DLP Dictionaries, Defining Patterns for Custom DLP Dictionaries, and Defining Phrases for Custom DLP Dictionaries. You can also create custom DLP dictionaries based on Exact Data Match (EDM) or Indexed Document Match (IDM). To learn more, see About Exact Data Match and see About Indexed Document Match.
" }, "SMMsgStatusInfo": { "title": "SMMsgStatusInfo", "type": "object", "properties": { "status": { "type": "string" }, "errPosition": { "type": "integer", "format": "int32" }, "errMsg": { "type": "string" }, "errParameter": { "type": "string" }, "errSuggestion": { "type": "string" }, "idList": { "type": "array", "items": { "type": "integer", "format": "int32" }, "description": "" } }, "description": "Error message information that is returned when an invalid pattern is identified within a custom DLP dictionary" }, "DlpEngineDom": { "title": "DlpEngineDom", "type": "object", "properties": { "id": { "type": "integer", "description": "The unique identifier for the DLP engine.", "format": "int32" }, "name": { "type": "string", "description": "The DLP engine name as configured by the admin. This attribute is required in POST and PUT requests for custom DLP engines." }, "predefinedEngineName": { "type": "string", "description": "The name of the predefined DLP engine.", "readOnly": true }, "engineExpression": { "type": "string", "description": "The logical expression that defines a DLP engine by combining DLP dictionaries using logical operators, namely All (AND), Any (OR), Exclude (NOT), and Sum (the total number of content matches). To learn more about DLP engine expressions, see Understanding DLP Engines.
Engine expression examples:
((D63.S > 1))((D38.S > 1) AND (D63.S > 1))((D38.S > 1) OR (D63.S > 1))((D38.S > 0) AND ( NOT ( (D61.S > 0) ) )(SUM(D63.S, D38.S) > 3)In the preceding examples, 63 represents the ID of the Credit Cards dictionary ID, 61 is the Financial Statements ID, and 38 is the ABA Bank Routing Numbers dictionary ID. Each dictionary ID is wrapped around by a prefix (D) and a suffix (.S).
" }, "customDlpEngine": { "type": "boolean", "description": "Indicates whether this is a custom DLP engine. If this value is set to true, the engine is custom." }, "description": { "type": "string", "description": "The DLP engine's description." } }, "description": "DLP engine information." }, "DlpEngineExpValidationResponse": { "title": "DlpEngineExpValidationResponse", "type": "object", "properties": { "status": { "type": "string", "description": "DLP engine expression validation status" }, "errMsg": { "type": "string", "description": "Error message from DLP engine expression validation" }, "errParameter": { "type": "string", "description": "Error parameter in the DLP engine expression" }, "errSuggestion": { "type": "string", "description": "Suggestion for error correction" } }, "description": "Error message information that is returned when a DLP engine expression is invalid." }, "AdvancedDataProtectionSchema": { "title": "AdvancedDataProtectionSchema", "type": "object", "properties": { "schemaId": { "type": "integer", "description": "The identifier (1-65519) for the EDM schema (i.e., EDM template) that is unique within the organization.", "format": "int32", "readOnly": true }, "edmClient": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The unique identifer for the Index Tool that was used to create the EDM template. This attribute is ignored by PUT requests, but required for POST requests." } ] }, "projectName": { "type": "string", "description": "The EDM schema (i.e., EDM template) name. This attribute is ignored by PUT requests, but required for POST requests." }, "revision": { "type": "integer", "description": "The revision number of the CSV file upload to the Index Tool. This attribute is required by PUT requests.", "format": "int32" }, "filename": { "type": "string", "description": "The generated filename, excluding the extention.", "readOnly": true }, "originalFileName": { "type": "string", "description": "The name of the CSV file uploaded to the Index Tool. This attribute is required by PUT and POST requests." }, "fileUploadStatus": { "allOf": [ { "$ref": "#/components/schemas/FileUploadStatus" }, { "description": "The status of the EDM template's CSV file upload to the Index Tool. This attribute is required by PUT and POST requests." } ] }, "origColCount": { "type": "integer", "description": "The total count of actual columns selected from the CSV file. This attribute is required by PUT and POST requests.", "format": "int32" }, "lastModifiedBy": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The admin that modified the EDM template's schema last." } ], "readOnly": true }, "lastModifiedTime": { "type": "integer", "description": "Timestamp when the EDM schema (i.e., EDM template) was last modified. Ignored if the request is PUT, POST, or DELETE.", "format": "int32", "readOnly": true }, "createdBy": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The login name (or userid) the admin who created the EDM schema (i.e., EDM template). Ignored if the request is PUT, POST, or DELETE." } ], "readOnly": true }, "cellsUsed": { "type": "integer", "description": "The total number of cells used by the EDM schema (i.e., EDM template).", "format": "int64", "readOnly": true }, "schemaActive": { "type": "boolean", "description": "Indicates the status of a specified EDM schema (i.e., EDM template). If this value is set to true, the schema is active and can be used by DLP dictionaries.", "readOnly": true }, "tokenList": { "type": "array", "items": { "$ref": "#/components/schemas/AdvancedDataProtectionSchemaToken" }, "description": "The list of tokens (or criteria) to match against. Up to 16 tokens can be selected for data matching. This attribute is required by PUT and POST requests." }, "schedulePresent": { "type": "boolean", "description": "Indicates whether the EDM schema (i.e., the EDM template configured using the Index Tool) has a schedule.", "readOnly": true }, "schedule": { "allOf": [ { "$ref": "#/components/schemas/AdvancedDataProtectionSchemaSchedule" }, { "description": "The schedule details, if present for the EDM schema (i.e., EDM template). Ignored if the request is PUT, POST, or DELETE." } ], "readOnly": true } }, "description": "Exact Data Match (EDM) template (i.e., schema) information." }, "AdvancedDataProtectionSchemaLite": { "title": "AdvancedDataProtectionSchemaLite", "type": "object", "properties": { "schema": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The identifier (1-65519) for the EDM schema (i.e., EDM template) that is unique within the organization." } ], "readOnly": true }, "tokens": { "uniqueItems": true, "type": "array", "items": { "$ref": "#/components/schemas/AdvancedDataProtectionSchemaToken" }, "description": "The tokens (or criteria) used by the EDM schema (i.e., EDM template).", "readOnly": true } }, "description": "Exact Data Match (EDM) template (i.e., schema) information retrieved by /dlpExactDataMatchSchemas/lite." }, "DlpNotificationTemplate": { "title": "DlpNotificationTemplate", "required": [ "name", "subject", "plainTextMessage", "htmlMessage" ], "type": "object", "properties": { "id": { "type": "integer", "description": "The unique identifier for a DLP notification template.", "format": "int32" }, "name": { "type": "string", "description": "The DLP notification template name." }, "subject": { "type": "string", "description": "The Subject line that is displayed within the DLP notification email." }, "attachContent": { "type": "boolean", "description": "If set to true, the content that is violation is attached to the DLP notification email." }, "plainTextMessage": { "type": "string", "description": "The template for the plain text UTF-8 message body that must be displayed in the DLP notification email." }, "htmlMessage": { "type": "string", "description": "The template for the HTML message body that must be displayed in the DLP notification email." } }, "description": "DLP notification template information." }, "ICAPServer": { "title": "ICAPServer", "required": [ "name", "url", "status" ], "type": "object", "properties": { "id": { "type": "integer", "description": "The unique identifier for a DLP server.", "format": "int32" }, "name": { "type": "string", "description": "The DLP server name." }, "url": { "type": "string", "description": "The DLP server URL." }, "status": { "allOf": [ { "$ref": "#/components/schemas/Status" }, { "description": "The DLP server status" } ] } }, "description": "DLP server (i.e., servers using ICAP) information." }, "IdmProfile": { "title": "IdmProfile", "type": "object", "properties": { "profileId": { "type": "integer", "description": "The identifier (1-64) for the IDM template (i.e., IDM profile) that is unique within the organization.", "format": "int32", "readOnly": true }, "profileName": { "type": "string", "description": "The IDM template name, which is unique per Index Tool." }, "profileDesc": { "type": "string", "description": "The IDM template's description." }, "profileType": { "allOf": [ { "$ref": "#/components/schemas/ProfileType" }, { "description": "The IDM template's type." } ] }, "host": { "type": "string", "description": "The fully qualified domain name (FQDN) of the IDM template's host machine." }, "port": { "type": "integer", "description": "The port number of the IDM template's host machine.", "format": "int32" }, "profileDirPath": { "type": "string", "description": "The IDM template's directory file path, where all files are present." }, "scheduleType": { "allOf": [ { "$ref": "#/components/schemas/ScheduleType1" }, { "description": "The schedule type for the IDM template's schedule (i.e., Monthly, Weekly, Daily, or None). This attribute is required by PUT and POST requests." } ] }, "scheduleDay": { "type": "integer", "description": "The day the IDM template is scheduled for. This attribute is required by PUT and POST requests.", "format": "int32" }, "scheduleDayOfMonth": { "type": "array", "items": { "$ref": "#/components/schemas/ScheduleDayOfMonth" }, "description": "The day of the month that the IDM template is scheduled for. This attribute is required by PUT and POST requests, and when scheduleType is set to MONTHLY." }, "scheduleDayOfWeek": { "type": "array", "items": { "$ref": "#/components/schemas/ScheduleDayOfWeek" }, "description": "The day of the week the IDM template is scheduled for. This attribute is required by PUT and POST requests, and when scheduleType is set to WEEKLY." }, "scheduleTime": { "type": "integer", "description": "The time of the day (in minutes) that the IDM template is scheduled for. For example: at 3am= 180 mins. This attribute is required by PUT and POST requests.", "format": "int32" }, "scheduleDisabled": { "type": "boolean", "description": "If set to true, the schedule for the IDM template is temporarily in a disabled state. This attribute is required by PUT requests in order to disable or enable a schedule." }, "uploadStatus": { "allOf": [ { "$ref": "#/components/schemas/UploadStatus" }, { "description": "The status of the file uploaded to the Index Tool for the IDM template." } ] }, "userName": { "type": "string", "description": "The username to be used on the IDM template's host machine." }, "version": { "type": "integer", "description": "The version number for the IDM template.", "format": "int32" }, "idmClient": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The unique identifer for the Index Tool that was used to create the IDM template. This attribute is required by POST requests, but ignored if provided in PUT requests." } ] }, "volumeOfDocuments": { "type": "integer", "description": "The total volume of all the documents associated to the IDM template.", "format": "int64" }, "numDocuments": { "type": "integer", "description": "The number of documents associated to the IDM template.", "format": "int32" }, "lastModifiedTime": { "type": "integer", "description": "The date and time the IDM template was last modified.", "format": "int32", "readOnly": true }, "modifiedBy": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The admin that modified the IDM template last." } ], "readOnly": true } }, "description": "Indexed Document Match (IDM) template (or profile) information." }, "IdmProfileSummary": { "title": "IdmProfileSummary", "type": "object", "properties": { "profileId": { "type": "integer", "description": "The unique identifier for the IDM template (i.e., IDM profile).", "format": "int32" }, "templateName": { "type": "string", "description": "The IDM template name." }, "clientVm": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The name of the Index Tool virtual machine (VM) that the IDM template belongs to." } ] }, "numDocuments": { "type": "integer", "description": "The number of documents.", "format": "int32" }, "lastModified": { "type": "integer", "description": "The timestamp the IDM template was last modified.", "format": "int32" }, "modifiedBy": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The admin that modified the IDM template last." } ] } }, "description": "IDM template (i.e., IDM profile) summary information." }, "IncidentReceiverServer": { "title": "IncidentReceiverServer", "required": [ "name", "url", "status" ], "type": "object", "properties": { "id": { "type": "integer", "description": "The unique identifier for the Incident Receiver.", "format": "int32" }, "name": { "type": "string", "description": "The Incident Receiver server name." }, "url": { "type": "string", "description": "The Incident Receiver server URL." }, "status": { "allOf": [ { "$ref": "#/components/schemas/Status1" }, { "description": "The status of the Incident Receiver." } ] }, "flags": { "type": "integer", "description": "The Incident Receiver server flag.", "format": "int32" } }, "description": "Zscaler Incident Receiver information." }, "WebDlpRule": { "title": "WebDlpRule", "type": "object", "properties": { "accessControl": { "allOf": [ { "$ref": "#/components/schemas/AccessControl" }, { "description": "The access privilege for this DLP policy rule based on the admin's state." } ], "readOnly": true }, "id": { "type": "integer", "description": "The unique identifier for the DLP policy rule.", "format": "int32" }, "order": { "type": "integer", "description": "The rule order of execution for the DLP policy rule with respect to other rules.", "format": "int32" }, "protocols": { "type": "array", "items": { "$ref": "#/components/schemas/Protocol" }, "description": "The protocol criteria specified for the DLP policy rule." }, "rank": { "type": "integer", "description": "The admin rank of the admin who created the DLP policy rule.", "format": "int32" }, "description": { "type": "string", "description": "The description of the DLP policy rule." }, "locations": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The Name-ID pairs of locations to which the DLP policy rule must be applied." }, "locationGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The Name-ID pairs of locations groups to which the DLP policy rule must be applied." }, "groups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The Name-ID pairs of groups to which the DLP policy rule must be applied." }, "departments": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The Name-ID pairs of departments to which the DLP policy rule must be applied." }, "users": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The Name-ID pairs of users to which the DLP policy rule must be applied." }, "workloadGroups": { "type": "array", "items": { "$ref": "#/components/schemas/WorkloadGroup" }, "description": "The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups." }, "urlCategories": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The list of URL categories to which the DLP policy rule must be applied." }, "dlpEngines": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The list of DLP engines to which the DLP policy rule must be applied." }, "includedDomainProfiles": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The list of domain profiles that must be added to the DLP rule criteria in order to apply the DLP rules only to domains that are part of the specified profiles. A maximum of 8 profiles can be selected." }, "excludedDomainProfiles": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The list of domain profiles that must be added to the DLP rule criteria in order to apply the DLP rules to all domains excluding the domains that are part of the specified profiles. A maximum of 8 profiles can be selected." }, "severity": { "allOf": [ { "$ref": "#/components/schemas/Severity" }, { "description": "Indicates the severity selected for the DLP rule violation" } ] }, "parentRule": { "type": "integer", "description": "The unique identifier of the parent rule under which an exception rule is added.
Note: Exception rules can be configured only when the inline DLP rule evaluation type is set to evaluate all DLP rules in the DLP Advanced Settings. To learn more, see Configuring DLP Advanced Settings.
", "format": "int32" }, "subRules": { "type": "array", "items": { "type": "object" }, "description": "The list of exception rules added to a parent rule.
Note:
WebDlpRule model are applicable to the sub-rules. Values for each rule are specified by using the WebDlpRule object.The list of file types for which the DLP policy rule must be applied.
Note:
If this field is set to true, Zscaler Client Connector notification is enabled for the block action triggered by the web DLP rule. If this field is set to false, Zscaler Client Connector notification is disabled.
Note: This field can be configured only if the Web DLP Violation end user notification is enabled.
" } }, "description": "DLP policy rule information." }, "DictionaryPhraseActionString": { "title": "DictionaryPhraseActionString", "type": "object", "properties": { "action": { "allOf": [ { "$ref": "#/components/schemas/Action" }, { "description": "The action applied to a DLP dictionary using phrases" } ] }, "phrase": { "type": "string", "description": "DLP dictionary phrase" } }, "description": "DLP dictionary phrase and action" }, "DictionaryPatternActionString": { "title": "DictionaryPatternActionString", "type": "object", "properties": { "action": { "allOf": [ { "$ref": "#/components/schemas/Action1" }, { "description": "The action applied to a DLP dictionary using patterns" } ] }, "pattern": { "type": "string", "description": "DLP dictionary pattern" } }, "description": "DLP dictionary pattern and action" }, "ExactDataMatchDetail": { "title": "ExactDataMatchDetail", "type": "object", "properties": { "dictionaryEdmMappingId": { "type": "integer", "description": "The unique identifier for the EDM mapping.", "format": "int32" }, "schemaId": { "type": "integer", "description": "The unique identifier for the EDM template (or schema).", "format": "int32" }, "primaryField": { "type": "integer", "description": "The EDM template's primary field.", "format": "int32" }, "secondaryFields": { "type": "array", "items": { "type": "integer", "format": "int32" }, "description": "The EDM template's secondary fields." }, "secondaryFieldMatchOn": { "allOf": [ { "$ref": "#/components/schemas/SecondaryFieldMatchOn" }, { "description": "The EDM secondary field to match on." } ] } }, "description": "Exact Data Match (EDM) details." }, "IdmProfileMatchAccuracyDetail": { "title": "IdmProfileMatchAccuracyDetail", "type": "object", "properties": { "adpIdmProfile": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "The IDM template reference." } ] }, "matchAccuracy": { "allOf": [ { "$ref": "#/components/schemas/MatchAccuracy" }, { "description": "The IDM template match accuracy." } ] } }, "description": "Indexed Document Match (IDM) template (or profile) match accuracy details." }, "AdvancedDataProtectionSchemaToken": { "title": "AdvancedDataProtectionSchemaToken", "type": "object", "properties": { "name": { "type": "string", "description": "The token (i.e., criteria) name. This attribute is required by PUT and POST requests." }, "type": { "allOf": [ { "$ref": "#/components/schemas/Type2" }, { "description": "The token type. This attribute is required by PUT and POST requests." } ] }, "primaryKey": { "type": "boolean", "description": "Indicates whether the token is a primary key." }, "originalColumn": { "type": "integer", "description": "The column position for the token in the original CSV file uploaded to the Index Tool, starting from 1. This attribue required by PUT and POST requests.", "format": "int32" }, "hashfileColumnOrder": { "type": "integer", "description": "The column position for the token in the hashed file, starting from 1.", "format": "int32", "readOnly": true }, "colLengthBitmap": { "type": "integer", "description": "The length of the column bitmap in the hashed file.", "format": "int64", "readOnly": true } }, "description": "Exact Data Match (EDM) template (i.e., schema) token (or criteria) information." }, "AdvancedDataProtectionSchemaSchedule": { "title": "AdvancedDataProtectionSchemaSchedule", "type": "object", "properties": { "scheduleType": { "allOf": [ { "$ref": "#/components/schemas/ScheduleType" }, { "description": "The schedule type for the EDM schema (i.e., EDM template), Monthly, Weekly, Daily, or None. This attribute is required by PUT and POST requests." } ] }, "scheduleDayOfMonth": { "type": "array", "items": { "$ref": "#/components/schemas/ScheduleDayOfMonth" }, "description": "The day of the month the EDM schema (i.e., EDM template) is scheduled for. This attribute is required by PUT and POST requests, and if the scheduleType is set to MONTHLY." }, "scheduleDayOfWeek": { "type": "array", "items": { "$ref": "#/components/schemas/ScheduleDayOfWeek" }, "description": "The day of the week the EDM schema (i.e., EDM template) is scheduled for. This attribute is required by PUT and POST requests, and if the scheduleType is set to WEEKLY." }, "scheduleTime": { "type": "integer", "description": "The time of the day (in minutes) that the EDM schema (i.e., EDM template) is scheduled for. For example: at 3am= 180 mins. This attribute is required by PUT and POST requests.", "format": "int32" }, "scheduleDisabled": { "type": "boolean", "description": "If set to true, the schedule for the EDM schema (i.e., EDM template) is temporarily in a disabled state. This attribute is required by PUT requests in order to disable or enable a schedule." } }, "description": "Exact Data Match (EDM) template (i.e., schema) schedule information." }, "WorkloadGroup": { "title": "WorkloadGroup", "type": "object", "properties": { "id": { "type": "integer", "description": "A unique identifier assigned to the workload group", "format": "int32" }, "name": { "type": "string", "description": "The name of the workload group" }, "description": { "type": "string", "description": "The description of the workload group" }, "expressionJson": { "$ref": "#/components/schemas/WorkloadTagExpression" }, "expression": { "type": "string", "description": "The workload group expression containing tag types, tags, and their relationships." }, "lastModifiedTime": { "type": "integer", "description": "Timestamp when the workload group was last modified", "format": "int32" }, "lastModifiedBy": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "This is an immutable reference to an entity. which mainly consists of id and name" } ] } }, "description": "Workload group information" }, "WorkloadTagExpression": { "title": "WorkloadTagExpression", "type": "object", "properties": { "expressionContainers": { "type": "array", "items": { "$ref": "#/components/schemas/ExpressionContainer" }, "description": "Contains one or more tag types (and associated tags) combined using logical operators within a workload group" } } }, "ExpressionContainer": { "title": "ExpressionContainer", "type": "object", "properties": { "tagType": { "allOf": [ { "$ref": "#/components/schemas/TagType" }, { "description": "The tag type selected from a predefined list" } ] }, "operator": { "allOf": [ { "$ref": "#/components/schemas/Operator" }, { "description": "The operator (either AND or OR) used to create logical relationships among tag types" } ] }, "tagContainer": { "allOf": [ { "$ref": "#/components/schemas/TagContainer" }, { "description": "One or more tags combined using logical operators within a tag type" } ] } }, "description": "One or more tag types (and associated tags) combined using logical operators within a workload group" }, "TagContainer": { "title": "TagContainer", "type": "object", "properties": { "tags": { "type": "array", "items": { "$ref": "#/components/schemas/Tag" }, "description": "One or more tags, each consisting of a key-value pair, selected within a tag type. If multiple tags are present within a tag type, they are combined using a logical operator.
Note: A maximum of 8 tags can be added to a workload group, irrespective of the number of tag types present.
" }, "operator": { "allOf": [ { "$ref": "#/components/schemas/Operator1" }, { "description": "The logical operator (either AND or OR) used to combine the tags within a tag type" } ] } }, "description": "One or more tags combined using logical operators within a tag type" }, "Tag": { "title": "Tag", "type": "object", "properties": { "key": { "type": "string", "description": "The key component present in the key-value pair contained in a tag" }, "value": { "type": "string", "description": "The value component present in the key-value pair contained in a tag" } }, "description": "The list of tags (key-value pairs) selected within a tag type" }, "DeviceGroup": { "title": "DeviceGroup", "type": "object", "properties": { "id": { "type": "integer", "description": "The unique identifer for the device group.", "format": "int32" }, "name": { "type": "string", "description": "The device group name." }, "groupType": { "allOf": [ { "$ref": "#/components/schemas/GroupType" }, { "description": "The device group type." } ] }, "description": { "type": "string", "description": "The device group's description." }, "osType": { "type": "string", "description": "The operating system (OS)." }, "predefined": { "type": "boolean", "description": "Indicates whether this is a predefined device group. If this value is set to true, the group is predefined.", "readOnly": true }, "deviceCount": { "type": "integer", "description": "The number of devices within the group.", "format": "int32" } }, "description": "Device group information." }, "Device": { "title": "Device", "type": "object", "properties": { "id": { "type": "integer", "description": "The unique identifier for the device.", "format": "int32" }, "name": { "type": "string", "description": "The device name." }, "deviceGroupType": { "allOf": [ { "$ref": "#/components/schemas/DeviceGroupType" }, { "description": "The device group type." } ] }, "deviceModel": { "type": "string", "description": "The device model." }, "osType": { "allOf": [ { "$ref": "#/components/schemas/OsType" }, { "description": "The operating system (OS)." } ] }, "osVersion": { "type": "string", "description": "The operating system version." }, "description": { "type": "string", "description": "The device's description." }, "ownerUserId": { "type": "integer", "description": "The unique identifier of the device owner (i.e., user).", "format": "int32" }, "ownerName": { "type": "string", "description": "The device owner's user name." }, "hostName": { "type": "string", "description": "The hostname of the device." } }, "description": "Device information." }, "TaskInfo": { "title": "TaskInfo", "type": "object", "properties": { "status": { "allOf": [ { "$ref": "#/components/schemas/Status2" }, { "description": "Status of running task" } ] }, "progressItemsComplete": { "type": "integer", "description": "Number of items processed", "format": "int32" }, "progressEndTime": { "type": "integer", "description": "End time", "format": "int64" }, "errorMessage": { "type": "string", "description": "Error message" }, "errorCode": { "$ref": "#/components/schemas/ErrorCode" } } }, "EventLogEntryRequest": { "title": "EventLogEntryRequest", "type": "object", "properties": { "startTime": { "type": "integer", "description": "Start time for event log entry", "format": "int64" }, "endTime": { "type": "integer", "description": "End time for event log entry", "format": "int64" }, "page": { "type": "integer", "description": "Specifies the page offset", "format": "int32" }, "pageSize": { "type": "integer", "description": "Specifies the page size", "format": "int32" }, "category": { "type": "string", "description": "Filters the list based on the category of event log entries" }, "subcategories": { "type": "array", "items": { "type": "string" }, "description": "Filters the list based on the subcategories within a category of event log entries" }, "actionResult": { "type": "string", "description": "Filters the list based on the outcome of the events recorded" }, "message": { "type": "string", "description": "The search string used to match against the event log message" }, "errorCode": { "type": "string", "description": "The search string used to match against the error code in event log entries" }, "statusCode": { "type": "string", "description": "The search string used to match against the status code in event log entries" } }, "description": "Event log report request" }, "FirewallFilteringRule": { "title": "FirewallFilteringRule", "required": [ "name" ], "type": "object", "properties": { "id": { "type": "integer", "description": "Unique identifier for the Firewall Filtering policy rule", "format": "int32" }, "name": { "type": "string", "description": "Name of the Firewall Filtering policy rule" }, "order": { "type": "integer", "description": "Rule order number of the Firewall Filtering policy rule", "format": "int32" }, "rank": { "type": "integer", "description": "Admin rank of the Firewall Filtering policy rule", "format": "int32" }, "locations": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The locations to which the Firewall Filtering policy rule applies" }, "locationGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The location groups to which the Firewall Filtering policy rule applies" }, "departments": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The departments to which the Firewall Filtering policy rule applies" }, "groups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The groups to which the Firewall Filtering policy rule applies" }, "users": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The users to which the Firewall Filtering policy rule applies" }, "timeWindows": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "The time interval in which the Firewall Filtering policy rule applies" }, "workloadGroups": { "type": "array", "items": { "$ref": "#/components/schemas/WorkloadGroup" }, "description": "The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups." }, "action": { "allOf": [ { "$ref": "#/components/schemas/Action3" }, { "description": "The action the Firewall Filtering policy rule takes when packets match the rule" } ] }, "state": { "allOf": [ { "$ref": "#/components/schemas/State1" }, { "description": "Determines whether the Firewall Filtering policy rule is enabled or disabled" } ] }, "description": { "type": "string", "description": "Additional information about the rule" }, "lastModifiedTime": { "type": "integer", "description": "Timestamp when the rule was last modified. Ignored if the request is POST or PUT. For GET, ignored if or the rule is current version.", "format": "int32" }, "lastModifiedBy": { "allOf": [ { "$ref": "#/components/schemas/EntityReference" }, { "description": "This is an immutable reference to an entity. which mainly consists of id and name" } ] }, "srcIps": { "type": "array", "items": { "type": "string" }, "description": "User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address." }, "srcIpGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
Note: For organizations that have enabled IPv6, the srcIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
" }, "sourceCountries": { "type": "array", "items": { "$ref": "#/components/schemas/SourceCountry" }, "description": "The list of source countries that must be included or excluded from the rule based on the excludeSrcCountries field value. If no value is set, this field is ignored during policy evaluation and the rule is applied to all source countries." }, "excludeSrcCountries": { "type": "boolean", "description": "Indicates whether the countries specified in the sourceCountries field are included or excluded from the rule. A true value denotes that the specified source countries are excluded from the rule. A false value denotes that the rule is applied to the source countries if there is a match." }, "destAddresses": { "type": "array", "items": { "type": "string" }, "description": "List of destination IP addresses for which the rule is applicable. CIDR notation can be used for destination IP addresses. If not set, the rule is not restricted to a specific destination addresses unless specified by destCountries, destIpGroups or destIpCategories." }, "destIpCategories": { "type": "array", "items": { "$ref": "#/components/schemas/DestIpCategory" }, "description": "IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories." }, "destCountries": { "type": "array", "items": { "$ref": "#/components/schemas/DestCountry" }, "description": "Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries." }, "destIpGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "User-defined destination IP address groups to which the rule is applied. If not set, the rule is not restricted to a specific destination IP address group.
Note: For organizations that have enabled IPv6, the destIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
" }, "nwServices": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "User-defined network services to which the rule is applied. If not set, the rule is not restricted to a specific network service." }, "nwServiceGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "User-defined network service group to which the rule is applied. If not set, the rule is not restricted to a specific network service group." }, "nwApplications": { "type": "array", "items": { "$ref": "#/components/schemas/NwApplication" }, "description": "User-defined network service applications to which the rule is applied. If not set, the rule is not restricted to a specific network service application." }, "nwApplicationGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "User-defined network service application group to which the rule is applied. If not set, the rule is not restricted to a specific network service application group." }, "appServices": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "Application services on which this rule is applied" }, "appServiceGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "Application service groups on which this rule is applied" }, "devices": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "Name-ID pairs of devices for which rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
" }, "deviceGroups": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
" }, "deviceTrustLevels": { "type": "array", "items": { "$ref": "#/components/schemas/DeviceTrustLevel" }, "description": "List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
" }, "labels": { "type": "array", "items": { "$ref": "#/components/schemas/EntityReference" }, "description": "Labels that are applicable to the rule." }, "defaultRule": { "type": "boolean", "description": "If set to true, the default rule is applied", "default": false }, "predefined": { "type": "boolean", "description": "If set to true, a predefined rule is applied", "default": false } } }, "DestinationIpGroup": { "title": "DestinationIpGroup", "type": "object", "properties": { "id": { "type": "integer", "description": "Unique identifer for the destination IP group", "format": "int32" }, "name": { "type": "string", "description": "Destination IP group name" }, "type": { "allOf": [ { "$ref": "#/components/schemas/Type3" }, { "description": "Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)" } ] }, "addresses": { "type": "array", "items": { "type": "string" }, "description": "Destination IP addresses, FQDNs, or wildcard FQDNs added to the group." }, "description": { "type": "string", "description": "Additional information about the destination IP group" }, "ipCategories": { "type": "array", "items": { "$ref": "#/components/schemas/IpCategory" }, "description": "Destination IP address URL categories. You can identify destinations based on the URL category of the domain." }, "countries": { "type": "array", "items": { "$ref": "#/components/schemas/Country" }, "description": "Destination IP address counties. You can identify destinations based on the location of a server." }, "isNonEditable": { "type": "boolean", "description": "If set to true, the destination IP address group is non-editable. This field is applicable only to predefined IP address groups, which cannot be modified.
" } } }, "DestinationIpGroup2": { "title": "DestinationIpGroup2", "type": "object", "properties": { "id": { "type": "integer", "description": "Unique identifer for the destination IP group", "format": "int32" }, "name": { "type": "string", "description": "Destination IP group name" }, "type": { "allOf": [ { "$ref": "#/components/schemas/Type3" }, { "description": "Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)" } ], "readOnly": true }, "addresses": { "type": "array", "items": { "type": "string" }, "description": "Destination FQDNs, domains, or IP addresses within the group. This list must reflect the type of addresses that are specified in thetype attribute. DSTN_FQDN type must contain only FQDNs. DSTN_DOMAIN type can be a mix of FQDNs, domains, or wildcard domains. DSTN_IP type can have any of the following: Single IP address- Range of IP Addresses (e.g., 1.1.1.1 - 1.1.1.255)
- IP addresses specified by subnet mask. (e.g., 1.1.1.0/24)
"
},
"description": {
"type": "string",
"description": "Additional information about the destination IP group"
},
"ipCategories": {
"type": "array",
"items": {
"$ref": "#/components/schemas/IpCategory1"
},
"description": "Destination IP address URL categories. You can identify destinations based on the URL category of the domain."
},
"countries": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Country"
},
"description": "Destination IP address counties. You can identify destinations based on the location of a server."
},
"ipAddresses": {
"type": "array",
"items": {
"type": "string"
},
"description": "Destination FQDNs or IP addresses within the group. This list cannot contain both. The IP address can be any of the following: - Single IP address
- Range of IP Addresses (e.g., 1.1.1.1 - 1.1.1.255)
- IP addresses specified by subnet mask. (e.g., 1.1.1.0/24)
"
},
"urlCategories": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UrlCategory"
},
"description": "This attribute is present for backward compatibility only. Zscaler recommends using the ipCategories attribute. Destination IP address URL categories. You can identify destinations based on the URL category of the domain."
}
},
"description": "TBD"
},
"IpGroup": {
"title": "IpGroup",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "A unique identifier of the source IP address group.",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the source IP address group."
},
"ipAddresses": {
"type": "array",
"items": {
"type": "string"
},
"description": "Source IP addresses added to the group."
},
"description": {
"type": "string",
"description": "The description of the source IP address group."
},
"isNonEditable": {
"type": "boolean",
"description": "If set to true, the source IP address group is non-editable. This field is applicable only to predefined IP address groups, which cannot be modified.
"
}
},
"description": "IP group information."
},
"NetworkApplicationGroup": {
"title": "NetworkApplicationGroup",
"type": "object",
"properties": {
"id": {
"type": "integer",
"format": "int32"
},
"name": {
"type": "string"
},
"networkApplications": {
"type": "array",
"items": {
"$ref": "#/components/schemas/NetworkApplication"
},
"description": ""
},
"description": {
"type": "string"
}
}
},
"NetworkApplicationDom": {
"title": "NetworkApplicationDom",
"type": "object",
"properties": {
"id": {
"$ref": "#/components/schemas/Id"
},
"parentCategory": {
"$ref": "#/components/schemas/ParentCategory"
},
"description": {
"type": "string"
},
"deprecated": {
"type": "boolean",
"default": false
}
}
},
"NetworkServiceGroup": {
"title": "NetworkServiceGroup",
"type": "object",
"properties": {
"id": {
"type": "integer",
"format": "int32"
},
"name": {
"type": "string"
},
"services": {
"type": "array",
"items": {
"$ref": "#/components/schemas/NetworkService"
},
"description": ""
},
"description": {
"type": "string"
}
}
},
"NetworkService": {
"title": "NetworkService",
"type": "object",
"properties": {
"id": {
"type": "integer",
"format": "int32"
},
"name": {
"type": "string"
},
"tag": {
"$ref": "#/components/schemas/Tag1"
},
"srcTcpPorts": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PortRange"
},
"description": ""
},
"destTcpPorts": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PortRange"
},
"description": ""
},
"srcUdpPorts": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PortRange"
},
"description": ""
},
"destUdpPorts": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PortRange"
},
"description": ""
},
"type": {
"$ref": "#/components/schemas/Type5"
},
"description": {
"type": "string"
},
"isNameL10nTag": {
"type": "boolean",
"default": false
}
}
},
"TimeWindow": {
"title": "TimeWindow",
"type": "object",
"properties": {
"id": {
"type": "integer",
"format": "int32"
},
"name": {
"type": "string"
},
"startTime": {
"type": "integer",
"format": "int32"
},
"endTime": {
"type": "integer",
"format": "int32"
},
"dayOfWeek": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DayOfWeek"
},
"description": ""
}
}
},
"PortRange": {
"title": "PortRange",
"type": "object",
"properties": {
"start": {
"type": "integer",
"format": "int32"
},
"end": {
"type": "integer",
"format": "int32"
}
}
},
"ForwardingRule": {
"title": "ForwardingRule",
"required": [
"name",
"rank",
"forwardMethod"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "A unique identifier assigned to the forwarding rule",
"format": "int32",
"readOnly": true
},
"name": {
"type": "string",
"description": "The name of the forwarding rule"
},
"type": {
"allOf": [
{
"$ref": "#/components/schemas/Type6"
},
{
"description": "The rule type selected from the available options"
}
]
},
"order": {
"type": "integer",
"description": "The order of execution for the forwarding rule order",
"format": "int32"
},
"rank": {
"type": "integer",
"description": "Admin rank assigned to the forwarding rule",
"format": "int32"
},
"locations": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of the locations to which the forwarding rule applies. If not set, the rule is applied to all locations."
},
"locationGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of the location groups to which the forwarding rule applies"
},
"ecGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies"
},
"departments": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of the departments to which the forwarding rule applies. If not set, the rule applies to all departments."
},
"groups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of the user groups to which the forwarding rule applies. If not set, the rule applies to all groups."
},
"users": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of the users to which the forwarding rule applies. If not set, user criteria is ignored during policy enforcement."
},
"forwardMethod": {
"allOf": [
{
"$ref": "#/components/schemas/ForwardMethod"
},
{
"description": "The type of traffic forwarding method selected from the available options"
}
]
},
"state": {
"allOf": [
{
"$ref": "#/components/schemas/State2"
},
{
"description": "Indicates whether the forwarding rule is enabled or disabled"
}
]
},
"description": {
"type": "string",
"description": "Additional information about the forwarding rule"
},
"lastModifiedTime": {
"type": "integer",
"description": "Timestamp when the rule was last modified. This field is not applicable for POST or PUT request.",
"format": "int32",
"readOnly": true
},
"lastModifiedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"srcIps": {
"type": "array",
"items": {
"type": "string"
},
"description": "User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address."
},
"srcIpGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
Note: For organizations that have enabled IPv6, the srcIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
"
},
"srcIpv6Groups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
"
},
"destAddresses": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of destination IP addresses or FQDNs for which the rule is applicable. CIDR notation can be used for destination IP addresses. If not set, the rule is not restricted to a specific destination addresses unless specified by destCountries, destIpGroups, or destIpCategories."
},
"destIpCategories": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DestIpCategory1"
},
"description": "List of destination IP categories to which the rule applies. If not set, the rule is not restricted to specific destination IP categories."
},
"resCategories": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ResCategory"
},
"description": "List of destination domain categories to which the rule applies"
},
"destCountries": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DestCountry1"
},
"description": "Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries."
},
"destIpGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "User-defined destination IP address groups to which the rule is applied. If not set, the rule is not restricted to a specific destination IP address group.
Note: For organizations that have enabled IPv6, the destIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
"
},
"destIpv6Groups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
"
},
"nwServices": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "User-defined network services to which the rule applies. If not set, the rule is not restricted to a specific network service.
Note: When the forwarding method is Proxy Chaining, only TCP-based network services are considered for policy match .
"
},
"nwServiceGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "User-defined network service group to which the rule applies. If not set, the rule is not restricted to a specific network service group."
},
"proxyGateway": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"zpaAppSegments": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AppSegment"
},
"description": "The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method."
},
"zpaApplicationSegments": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ZpaApplicationSegment"
},
"description": "List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)."
},
"zpaApplicationSegmentGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ZpaApplicationSegmentGroup"
},
"description": "List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)."
},
"zpaGateway": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"zpaBrokerRule": {
"type": "boolean",
"description": "The predefined ZPA Broker Rule generated by Zscaler",
"readOnly": true
},
"devices": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of devices for which the rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation."
},
"deviceGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation."
},
"labels": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Labels that are applicable to the rule"
},
"nwApplications": {
"type": "array",
"items": {
"$ref": "#/components/schemas/NwApplication1"
},
"description": "User-defined network service applications to which the rule applies. If not set, the rule is not restricted to a specific network service application."
},
"nwApplicationGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "User-defined network service application groups to which the rule applied. If not set, the rule is not restricted to a specific network service application group."
},
"timeWindows": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "The time interval at which the forwarding rule applies"
}
},
"description": "Forwarding rule information"
},
"ZpaGateway": {
"title": "ZpaGateway",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "A unique identifier assigned to the ZPA gateway",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the ZPA gateway"
},
"zpaServerGroup": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"zpaAppSegments": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "All the Application Segments that are associated with the selected ZPA Server Group for which Source IP Anchoring is enabled"
},
"zpaTenantId": {
"type": "integer",
"description": "The ID of the ZPA tenant where Source IP Anchoring is configured",
"format": "int64"
},
"lastModifiedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"lastModifiedTime": {
"type": "integer",
"description": "Timestamp when the ZPA gateway was last modified",
"format": "int32"
},
"type": {
"allOf": [
{
"$ref": "#/components/schemas/Type7"
},
{
"description": "Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA)"
}
]
},
"description": {
"type": "string",
"description": "Additional details about the ZPA gateway"
}
},
"description": "ZPA gateway information"
},
"AppSegment": {
"title": "AppSegment",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "A unique identifier assigned to the Application Segment",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the Application Segment"
},
"externalId": {
"type": "integer",
"description": "Indicates the external ID. Applicable only when this reference is of an external entity.",
"format": "int64"
},
"zpaTenantId": {
"type": "integer",
"description": "ID of the ZPA tenant where the Application Segment is configured",
"format": "int64"
}
},
"description": "Application Segment information"
},
"ZpaApplicationSegment": {
"title": "ZpaApplicationSegment",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "A unique identifier assigned to the Application Segment",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the Application Segment"
},
"description": {
"type": "string",
"description": "Additional information about the Application Segment"
},
"zpaId": {
"type": "integer",
"description": "ID of the ZPA tenant where the Application Segment is configured",
"format": "int64"
},
"deleted": {
"type": "boolean",
"description": "Indicates whether the ZPA Application Segment has been deleted",
"readOnly": true
}
},
"description": "Information about the ZPA Application Segment"
},
"ZpaApplicationSegmentGroup": {
"title": "ZpaApplicationSegmentGroup",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "A unique identifier assigned to the Application Segment Group",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the Application Segment Group"
},
"zpaId": {
"type": "integer",
"description": "ID of the ZPA tenant where the Application Segment is configured",
"format": "int64"
},
"deleted": {
"type": "boolean",
"description": "Indicates whether the ZPA Application Segment Group has been deleted",
"readOnly": true
},
"zpaAppSegmentsCount": {
"type": "integer",
"description": "The number of ZPA Application Segments in the group",
"format": "int32"
}
},
"description": "Information about the Application Segment Group"
},
"IntermediateCaCertificate": {
"title": "IntermediateCaCertificate",
"required": [
"name",
"type"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique identifier for the intermediate CA certificate",
"format": "int32",
"readOnly": true
},
"name": {
"type": "string",
"description": "Name of the intermediate CA certificate"
},
"type": {
"allOf": [
{
"$ref": "#/components/schemas/Type8"
},
{
"description": "Type of the intermediate CA certificate. Available types: Zscaler’s intermediate CA certificate (provided by Zscaler), custom intermediate certificate with software protection, and custom intermediate certificate with cloud HSM protection.
"
}
]
},
"region": {
"allOf": [
{
"$ref": "#/components/schemas/Region"
},
{
"description": "Location of the HSM resources. Required for custom intermediate CA certificates with cloud HSM protection.
"
}
]
},
"status": {
"allOf": [
{
"$ref": "#/components/schemas/Status3"
},
{
"description": "Determines whether the intermediate CA certificate is enabled or disabled for SSL inspection. Subscription to cloud HSM protection allows a maximum of four active certificates for SSL inspection at a time, whereas software protection subscription allows only one active certificate.
"
}
]
},
"defaultCertificate": {
"type": "boolean",
"description": "If set to true, the intermediate CA certificate is the default intermediate certificate. Only one certificate can be marked as the default intermediate certificate at a time.
"
},
"certStartDate": {
"type": "integer",
"description": "Start date of the intermediate CA certificate’s validity period",
"format": "int64",
"readOnly": true
},
"certExpDate": {
"type": "integer",
"description": "Expiration date of the intermediate CA certificate’s validity period",
"format": "int64",
"readOnly": true
},
"description": {
"type": "string",
"description": "Description for the intermediate CA certificate"
},
"currentState": {
"allOf": [
{
"$ref": "#/components/schemas/CurrentState"
},
{
"description": "Tracks the progress of the intermediate CA certificate in the configuration workflow
"
}
]
},
"publicKey": {
"type": "string",
"description": "Public key in the HSM key pair generated for the intermediate CA certificate
",
"readOnly": true
},
"keyGenerationTime": {
"type": "integer",
"description": "Timestamp when the HSM key was generated",
"format": "int32",
"readOnly": true
},
"hsmAttestationVerifiedTime": {
"type": "integer",
"description": "Timestamp when the attestation for the HSM key was verified",
"format": "int32",
"readOnly": true
},
"csrFileName": {
"type": "string",
"description": "Certificate Signing Request (CSR) file name",
"readOnly": true
},
"csrGenerationTime": {
"type": "integer",
"description": "Timestamp when the Certificate Signing Request (CSR) was generated",
"format": "int32",
"readOnly": true
}
},
"description": "Intermediate CA certificate information."
},
"CertSigningRequest": {
"title": "CertSigningRequest",
"required": [
"csrFileName",
"commName",
"orgName",
"deptName",
"city",
"state",
"country"
],
"type": "object",
"properties": {
"certId": {
"type": "integer",
"description": "Unique identifier for the intermediate CA certificate",
"format": "int32",
"readOnly": true
},
"csrFileName": {
"type": "string",
"description": "Name of the CSR file"
},
"commName": {
"type": "string",
"description": "Common Name (CN) of your organization’s domain, such as zscaler.com"
},
"orgName": {
"type": "string",
"description": "Name of your organization or company"
},
"deptName": {
"type": "string",
"description": "Name of your department or division"
},
"city": {
"type": "string",
"description": "Name of the city or town where your organization is located"
},
"state": {
"type": "string",
"description": "State, province, region, or county where your organization is located"
},
"country": {
"allOf": [
{
"$ref": "#/components/schemas/Country2"
},
{
"description": "Country where your organization is located"
}
]
},
"keySize": {
"type": "integer",
"description": "Key size to be used in the encryption algorithm in bits. Default size: 2048 bits",
"format": "int32",
"readOnly": true
},
"signatureAlgorithm": {
"allOf": [
{
"$ref": "#/components/schemas/SignatureAlgorithm"
},
{
"description": "Signature algorithm to be used for generating intermediate CA certificate. Default value: SHA256"
}
]
},
"pathLengthConstraint": {
"type": "integer",
"description": "The path length constraint for the intermediate CA certificate. Default values: 0 for cloud HSM, 1 for software protection",
"format": "int32",
"readOnly": true
}
},
"description": "Certificate Signing Request (CSR) information. Required if your organization uses a custom intermediate root certificate for SSL inspection. After generating the CSR, download and send it to your trusted Certificate Authority (CA) to sign as a subordinate CA certificate or intermediate CA certificate.
"
},
"CertCSR": {
"title": "CertCSR",
"type": "object",
"properties": {
"certId": {
"type": "integer",
"description": "Unique identifier for the intermediate CA certificate",
"format": "int32"
},
"csrGenerationTime": {
"type": "integer",
"description": "Timestamp when the CSR was generated",
"format": "int32"
}
},
"description": "Certificate Signing Request (CSR) information."
},
"HsmKey": {
"title": "HsmKey",
"type": "object",
"properties": {
"certId": {
"type": "integer",
"description": "Unique identifier for the intermediate CA certificate",
"format": "int32"
},
"publicKey": {
"type": "string",
"description": "Public key in the HSM key pair generated for the intermediate CA certificate"
},
"keyGenerationTime": {
"type": "integer",
"description": "Timestamp when the HSM key was generated",
"format": "int32"
}
},
"description": "HSM key information."
},
"HsmKeyAttestation": {
"title": "HsmKeyAttestation",
"type": "object",
"properties": {
"certId": {
"type": "integer",
"description": "Unique identifier for the intermediate CA certificate",
"format": "int32"
},
"hsmAttestationVerifiedTime": {
"type": "integer",
"description": "Timestamp when the attestation for the HSM key was verified",
"format": "int32"
}
},
"description": "HSM key attestation verification information."
},
"CustomCertificate": {
"title": "CustomCertificate",
"required": [
"certName",
"commName",
"orgName",
"deptName",
"city",
"state",
"country"
],
"type": "object",
"properties": {
"sha1fingerprint": {
"type": "string",
"description": "Certificate SHA fingerprint, provided only in show cert",
"readOnly": true
},
"validityInDays": {
"type": "integer",
"description": "Number of days of certificate validity, provided only in show cert",
"format": "int32",
"readOnly": true
},
"certName": {
"type": "string",
"description": "Certificate Name"
},
"commName": {
"type": "string",
"description": "Common Name"
},
"orgName": {
"type": "string",
"description": "Organization"
},
"deptName": {
"type": "string",
"description": "Department"
},
"city": {
"type": "string",
"description": "City"
},
"state": {
"type": "string",
"description": "State"
},
"country": {
"allOf": [
{
"$ref": "#/components/schemas/Country3"
},
{
"description": "Country"
}
]
},
"keySize": {
"type": "integer",
"description": "Key Size, by default set to 2048",
"format": "int32",
"readOnly": true
},
"signatureAlgorithm": {
"allOf": [
{
"$ref": "#/components/schemas/SignatureAlgorithm1"
},
{
"description": "Signature Algorithm"
}
]
}
},
"description": "If your organization uses a custom intermediate root certificate for SSL inspection. Click Generate New CSR to open the Generate Certificate Signing Request window. Fill in the CSR request, and click Save. Then click Download CSR. Send this CSR to your CA for signing, and ensure it is signed as a Subordinate Certification Authority or Intermediate Certification Authority."
},
"Urls": {
"title": "Urls",
"type": "object",
"properties": {
"urls": {
"type": "array",
"items": {
"type": "string"
},
"description": "Domains or URLs which are exempted from SSL Inspection"
}
}
},
"IotItemInfo": {
"title": "IotItemInfo",
"type": "object",
"properties": {
"uuid": {
"type": "string",
"description": "The universally unique identifier (UUID) of the item.
"
},
"name": {
"type": "string",
"description": "The name of the item.
"
},
"parent_uuid": {
"type": "string",
"description": "The parent UUID of the item.
Note: This field is not applicable for the device types endpoint.
"
}
},
"description": "Information about the items.
"
},
"IotDeviceInfo": {
"title": "IotDeviceInfo",
"type": "object",
"properties": {
"cloudName": {
"type": "string",
"description": "The Zscaler cloud on which your organization is provisioned.
"
},
"customerId": {
"type": "integer",
"description": "The unique identifier for your organization.
",
"format": "int32"
},
"devices": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DeviceInfo"
},
"description": "A list of DeviceInfo objects.
"
}
},
"description": "Information about all discovered devices.
"
},
"DeviceInfo": {
"title": "DeviceInfo",
"type": "object",
"properties": {
"locationId": {
"type": "string",
"description": "The location ID where the device resides.
"
},
"deviceUuid": {
"type": "string",
"description": "The universally unique identifier (UUID) of the device identified by the Zscaler AI/ML.
"
},
"ipAddress": {
"type": "string",
"description": "The IP address of the device.
"
},
"deviceTypeUuid": {
"type": "string",
"description": "The UUID of the device type identified by the Zscaler AI/Ml.
"
},
"autoLabel": {
"type": "string",
"description": "A label generated by the Zscaler AI/ML engine to describe the device's prominent characteristics.
"
},
"classificationUuid": {
"type": "string",
"description": "The UUID for the device classification.
"
},
"categoryUuid": {
"type": "string",
"description": "The UUID for the device category.
"
},
"flowStartTime": {
"type": "integer",
"description": "The start timestamp at which Zscaler AI/ML engine starts evaluating the device's weblog records. It's noted in epoch seconds.
",
"format": "int32"
},
"flowEndTime": {
"type": "integer",
"description": "The end timestamp at which Zscaler AI/ML engine stops evaluating the device's weblog records. It's noted in epoch seconds.
",
"format": "int32"
}
}
},
"Location": {
"title": "Location",
"required": [
"name"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Location ID.",
"format": "int32",
"readOnly": true
},
"name": {
"type": "string",
"description": "Location Name."
},
"parentId": {
"type": "integer",
"description": "Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB",
"format": "int32"
},
"upBandwidth": {
"type": "integer",
"description": "Upload bandwidth in kbps. The value 0 implies no Bandwidth Control enforcement.",
"format": "int32"
},
"dnBandwidth": {
"type": "integer",
"description": "Download bandwidth in kbps. The value 0 implies no Bandwidth Control enforcement.",
"format": "int32"
},
"country": {
"allOf": [
{
"$ref": "#/components/schemas/Country4"
},
{
"description": "Country"
}
]
},
"tz": {
"allOf": [
{
"$ref": "#/components/schemas/Tz"
},
{
"description": "Timezone of the location. If not specified, it defaults to GMT."
}
]
},
"city": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Geolocation of the IoT device. It displays the name-ID pair for the location (\"city\" : { \"id\":\"0\", \"name\":\"string\" }).
For example, \"city\" : { \"id\":\"2077963\", \"name\":\"Albany, Western Australia, Australia\"}.
"
},
"geoOverride": {
"type": "boolean",
"description": "If this field is set to true, the latitude and longitude values must be provided. By default, it's set to false.
"
},
"latitude": {
"type": "number",
"description": "The value of latitude must be set to 7-digit precision after decimal point, ranging between -90 and 90 degrees.
Note: This field is mandatory if geoOverride is set to true.
"
},
"longitude": {
"type": "number",
"description": "The value of longitude must be set to 7-digit precision after decimal point, ranging between -180 and 180 degrees.
Note: This field is mandatory if geoOverride is set to true.
"
},
"ipAddresses": {
"type": "array",
"items": {
"type": "string"
},
"description": "For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
For sublocations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g., 10.10.33.0/24), or range (e.g., 10.10.33.1-10.10.33.10)).
"
},
"ports": {
"type": "array",
"items": {
"type": "integer",
"format": "int32"
},
"description": "IP ports that are associated with the location."
},
"vpnCredentials": {
"type": "array",
"items": {
"$ref": "#/components/schemas/VPNCredential"
},
"description": "VPN User Credentials that are associated with the location."
},
"authRequired": {
"type": "boolean",
"description": "Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
",
"default": false
},
"sslScanEnabled": {
"type": "boolean",
"description": "This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses. To learn more, see Deploying SSL Inspection
",
"default": false
},
"zappSSLScanEnabled": {
"type": "boolean",
"description": "This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting takes effect, irrespective of the SSL policy that is configured for the location. To learn more, see Configuring SSL Inspection for Zscaler App
",
"default": false
},
"xffForwardEnabled": {
"type": "boolean",
"description": "Enable XFF Forwarding for a location. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
Note: For sublocations, this attribute is a read-only field as the value is inherited from the parent location.
",
"default": false
},
"otherSubLocation": {
"type": "boolean",
"description": "If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other and it can be renamed, if required."
},
"other6SubLocation": {
"type": "boolean",
"description": "If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true."
},
"surrogateIP": {
"type": "boolean",
"description": "Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses. To learn more, see About Surrogate IP.
",
"default": false
},
"idleTimeInMinutes": {
"type": "integer",
"description": "Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
",
"format": "int32"
},
"displayTimeUnit": {
"allOf": [
{
"$ref": "#/components/schemas/DisplayTimeUnit"
},
{
"description": "Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
"
}
]
},
"surrogateIPEnforcedForKnownBrowsers": {
"type": "boolean",
"description": "Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers. To learn more, see About Surrogate IP
",
"default": false
},
"surrogateRefreshTimeInMinutes": {
"type": "integer",
"description": "Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
",
"format": "int32"
},
"surrogateRefreshTimeUnit": {
"allOf": [
{
"$ref": "#/components/schemas/SurrogateRefreshTimeUnit"
},
{
"description": "Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
"
}
]
},
"ofwEnabled": {
"type": "boolean",
"description": "Enable Firewall. When set to true, Firewall is enabled for the location.
",
"default": false
},
"ipsControl": {
"type": "boolean",
"description": "Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
",
"default": false
},
"aupEnabled": {
"type": "boolean",
"description": "Enable AUP. When set to true, AUP is enabled for the location. To learn more, see About End User Notifications
",
"default": false
},
"cautionEnabled": {
"type": "boolean",
"description": "Enable Caution. When set to true, a caution notifcation is enabled for the location. To learn more, see Configuring the Caution Notification
",
"default": false
},
"aupBlockInternetUntilAccepted": {
"type": "boolean",
"description": "For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
",
"default": false
},
"aupForceSslInspection": {
"type": "boolean",
"description": "For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler forces SSL Inspection in order to enforce AUP for HTTPS traffic.
",
"default": false
},
"ipv6Enabled": {
"type": "boolean",
"description": "If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies."
},
"ipv6Dns64Prefix": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "(Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true. To learn more, see About the DNS64 Prefix.
Before you can configure a DNS64 prefix, you must send a GET request to /ipv6config/nat64prefix to retrieve the IDs of NAT64 prefixes, which can be configured as the DNS64 prefix.
"
},
"iotDiscoveryEnabled": {
"type": "boolean",
"description": "If this field is set to true, IoT discovery is enabled for this location.
"
},
"aupTimeoutInDays": {
"type": "integer",
"description": "Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
",
"format": "int32"
},
"managedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "SD-WAN Partner that manages the location. If a partner does not manage the location, this is set to Self.
"
}
],
"readOnly": true
},
"profile": {
"allOf": [
{
"$ref": "#/components/schemas/Profile"
},
{
"description": "(Optional) Profile tag that specifies the location traffic type. If not specified, this tag is automatically set to best possible value using certain criteria.
The criteria used for setting best possible value is as follows:
\n \n - When invoked with a partner API key, it automatically sets the profile attribute to CORPORATE.
\n - When invoked using public API, it automatically sets the profile attribute based on the following criteria:\n
\n - If the location has authentication enabled, then it sets profile to CORPORATE.
\n - If the location has authentication disabled and name contains \"guest\", then it sets profile to GUESTWIFI.
\n - For all other locations with authentication disabled, it sets profile to SERVER.
\n \n
"
}
]
},
"description": {
"type": "string",
"description": "Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
"
}
},
"description": "Location and sub-location information."
},
"IdListInteger": {
"title": "IdListInteger",
"type": "object",
"properties": {
"ids": {
"type": "array",
"items": {
"type": "integer",
"format": "int32"
},
"description": ""
}
}
},
"LocationLite": {
"title": "LocationLite",
"required": [
"name"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Location ID",
"format": "int32",
"readOnly": true
},
"name": {
"type": "string",
"description": "Location Name"
},
"parentId": {
"type": "integer",
"description": "Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB",
"format": "int32"
},
"tz": {
"allOf": [
{
"$ref": "#/components/schemas/Tz1"
},
{
"description": "Timezone of the location. If not specified, it defaults to GMT."
}
]
},
"xffForwardEnabled": {
"type": "boolean",
"description": "Enable XFF Forwarding for a location. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
Note: For sublocations, this attribute is a read-only field as the value is inherited from the parent location.
"
},
"aupEnabled": {
"type": "boolean",
"description": "Enable AUP. When set to true, AUP is enabled for the location. To learn more, see About End User Notifications
"
},
"cautionEnabled": {
"type": "boolean",
"description": "Enable Caution. When set to true, a caution notifcation is enabled for the location. To learn more, see Configuring the Caution Notification
"
},
"aupBlockInternetUntilAccepted": {
"type": "boolean",
"description": "For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
"
},
"aupForceSslInspection": {
"type": "boolean",
"description": "For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler forces SSL Inspection in order to enforce AUP for HTTPS traffic.
"
},
"surrogateIP": {
"type": "boolean",
"description": "Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses. To learn more, see About Surrogate IP.
"
},
"surrogateIPEnforcedForKnownBrowsers": {
"type": "boolean",
"description": "Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers. To learn more, see About Surrogate IP
"
},
"otherSubLocation": {
"type": "boolean",
"description": "If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other and it can be renamed, if required."
},
"other6SubLocation": {
"type": "boolean",
"description": "If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true."
},
"ofwEnabled": {
"type": "boolean",
"description": "Enable Firewall. When set to true, Firewall is enabled for the location.
"
},
"ipsControl": {
"type": "boolean",
"description": "Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
"
},
"zappSslScanEnabled": {
"type": "boolean",
"description": "This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting takes effect, irrespective of the SSL policy that is configured for the location. To learn more, see Configuring SSL Inspection for Zscaler App
"
},
"ipv6Enabled": {
"type": "boolean",
"description": "If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies."
}
},
"description": "Location and sub-location information based on a limited number of fields."
},
"LocationGroup": {
"title": "LocationGroup",
"required": [
"name"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique identifier for the location group",
"format": "int32",
"readOnly": true
},
"name": {
"type": "string",
"description": "Location group name"
},
"deleted": {
"type": "boolean",
"description": "Indicates the location group was deleted",
"readOnly": true
},
"groupType": {
"allOf": [
{
"$ref": "#/components/schemas/GroupType1"
},
{
"description": "The location group's type (i.e., Static or Dynamic)"
}
]
},
"dynamicLocationGroupCriteria": {
"allOf": [
{
"$ref": "#/components/schemas/DynamicLocationGroupCriteria"
},
{
"description": "Dynamic location group information."
}
]
},
"locations": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "The Name-ID pairs of the locations that are assigned to the static location group. This is ignored if the groupType is Dynamic."
},
"comments": {
"type": "string",
"description": "Additional information about the location group"
},
"lastModUser": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"lastModTime": {
"type": "integer",
"description": "Automatically populated with the current time, after a successful POST or PUT request.",
"format": "int32",
"readOnly": true
},
"predefined": {
"type": "boolean"
}
},
"description": "Location group information."
},
"VPNCredential": {
"title": "VPNCredential",
"required": [
"type"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "VPN credential id",
"format": "int32",
"readOnly": true
},
"type": {
"allOf": [
{
"$ref": "#/components/schemas/Type9"
},
{
"description": "VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created.
Note: Zscaler no longer supports adding a new XAUTH VPN credential, but existing entries can be edited or deleted using the respective endpoints.
"
}
]
},
"fqdn": {
"type": "string",
"description": "Fully Qualified Domain Name. Applicable only to UFQDN or XAUTH (or HOSTED_MOBILE_USERS) auth type."
},
"ipAddress": {
"type": "string",
"description": "Static IP address for VPN that is self-provisioned or provisioned by Zscaler. This is a required field for IP auth type and is not applicable to other auth types.
Note: If you want Zscaler to provision static IP addresses for your organization, contact Zscaler Support.
"
},
"preSharedKey": {
"type": "string",
"description": "Pre-shared key. This is a required field for UFQDN and IP auth type."
},
"comments": {
"type": "string",
"description": "Additional information about this VPN credential."
},
"location": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "Location that is associated to this VPN credential. Non-existence means not associated to any location."
}
],
"readOnly": true
},
"managedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "SD-WAN Partner that manages the location. If a partner does not manage the location, this is set to Self.
"
}
],
"readOnly": true
}
},
"description": "VPN is one way to route traffic from customer locations to the cloud. Site-to-site IPSec VPN credentials can be identified by the cloud through one of the following methods:\n\n 1. Common Name (CN) of IPSec Certificate\n\n 2. VPN User FQDN - requires VPN_SITE_TO_SITE subscription\n\n 3. VPN IP Address - requires VPN_SITE_TO_SITE subscription\n\n 4. Extended Authentication (XAUTH) or hosted mobile UserID - requires VPN_MOBILE subscription\n\n Notes:\n\n IPs must be created in Static IP first\n\n CN type (certificate) is created automatically, when a CN is provisioned by Zscaler.\n\n The 'psk' field is not applicable for this VPN type.\n\n The most common type is UFQDN."
},
"DynamicLocationGroupCriteria": {
"title": "DynamicLocationGroupCriteria",
"type": "object",
"properties": {
"name": {
"$ref": "#/components/schemas/StringFilter"
},
"countries": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Country5"
},
"description": "One or more countries from a predefined set"
},
"city": {
"$ref": "#/components/schemas/StringFilter"
},
"managedBy": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "One or more values from a predefined set of SD-WAN partner list to display partner names."
},
"enforceAuthentication": {
"type": "boolean",
"description": "Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled."
},
"enforceAup": {
"type": "boolean",
"description": "Enable AUP. When set to true, AUP is enabled for the location."
},
"enforceFirewallControl": {
"type": "boolean",
"description": "Enable Firewall. When set to true, Firewall is enabled for the location."
},
"enableXffForwarding": {
"type": "boolean",
"description": "Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header."
},
"enableCaution": {
"type": "boolean",
"description": "Enable Caution. When set to true, a caution notifcation is enabled for the location."
},
"enableBandwidthControl": {
"type": "boolean",
"description": "Enable Bandwidth Control. When set to true, Bandwidth Control is enabled for the location."
},
"profiles": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Profile1"
},
"description": "One or more location profiles from a predefined set"
}
},
"description": "Dynamic location group information."
},
"StringFilter": {
"title": "StringFilter",
"type": "object",
"properties": {
"matchString": {
"type": "string",
"description": "String value to be matched or partially matched"
},
"matchType": {
"allOf": [
{
"$ref": "#/components/schemas/MatchType"
},
{
"description": "Operator that performs match action"
}
]
}
}
},
"RuleLabel": {
"title": "RuleLabel",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "The unique identifier for the rule label.",
"format": "int32"
},
"name": {
"type": "string",
"description": "The rule label name."
},
"description": {
"type": "string",
"description": "The rule label description."
},
"lastModifiedTime": {
"type": "integer",
"description": "Timestamp when the rule lable was last modified. This is a read-only field. Ignored by PUT and DELETE requests.",
"format": "int32"
},
"lastModifiedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "The admin that modified the rule label last. This is a read-only field. Ignored by PUT requests."
}
]
},
"createdBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "The admin that created the rule label. This is a read-only field. Ignored by PUT requests."
}
]
},
"referencedRuleCount": {
"type": "integer",
"description": "The number of rules that reference the label.",
"format": "int32"
}
},
"description": "Rule label information."
},
"BaAdvancedSettings": {
"title": "BaAdvancedSettings",
"type": "object",
"properties": {
"fileHashesToBeBlocked": {
"type": "array",
"items": {
"type": "string"
},
"description": "A custom list of unique MD5 file hashes that must be blocked by Sandbox. A maximum of 10000 MD5 file hashes can be blocked."
}
},
"description": "Advanced Sandbox Settings"
},
"CustomFileHashQuota": {
"title": "CustomFileHashQuota",
"type": "object",
"properties": {
"blockedFileHashesCount": {
"type": "integer",
"description": "The number of unique MD5 file hashes that are blocked by Sandbox.
",
"format": "int32",
"readOnly": true
},
"remainingFileHashes": {
"type": "integer",
"description": "Unused quota for blocking MD5 file hashes.",
"format": "int32",
"readOnly": true
}
},
"description": "Used and unused quota for blocking MD5 file hashes."
},
"CloudApplication": {
"title": "CloudApplication",
"type": "object",
"properties": {
"sanctionedState": {
"allOf": [
{
"$ref": "#/components/schemas/SanctionedState"
},
{
"description": "The cloud application status that indicates whether it is sanctioned or unsanctioned"
}
]
},
"applicationIds": {
"type": "array",
"items": {
"type": "integer",
"format": "int32"
},
"description": "The list of cloud application IDs for which the status (sanctioned or unsanctioned) and tags have to be updated"
},
"customTags": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomTag"
},
"description": "The list of custom tags that must be assigned to the cloud applications"
}
},
"description": "Cloud application information"
},
"NamedItem": {
"title": "NamedItem",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique identifier of the cloud application",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the cloud application"
}
}
},
"CustomTag": {
"title": "CustomTag",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique identifier of the custom tag",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the custom tag"
}
},
"description": "Name-ID information of custom tags"
},
"ShadowITApplicationRequest": {
"title": "ShadowITApplicationRequest",
"type": "object",
"properties": {
"duration": {
"allOf": [
{
"$ref": "#/components/schemas/Duration"
},
{
"description": "Report Duration"
}
]
},
"application": {
"type": "array",
"items": {
"type": "string"
},
"description": "List of Applications."
},
"appName": {
"type": "string",
"description": "Application name Filter"
},
"order": {
"$ref": "#/components/schemas/Order"
},
"applicationCategory": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ApplicationCategory"
},
"description": "Application name Filter"
},
"dataConsumed": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RangeLong"
},
"description": ""
},
"riskIndex": {
"type": "array",
"items": {
"type": "number"
},
"description": "Risk Index Filter"
},
"sanctionedState": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SanctionedState1"
},
"description": "Application Status Filter"
},
"employees": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Employee"
},
"description": "Employees Count Filter"
},
"supportedCertifications": {
"$ref": "#/components/schemas/IncludeExcludeMultiFilterOperationVendorComplianceID"
},
"sourceIpRestriction": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SourceIpRestriction"
},
"description": "Source IP Restrictions Filter"
},
"mfaSupport": {
"type": "array",
"items": {
"$ref": "#/components/schemas/MfaSupport"
},
"description": "MFA Support Filter"
},
"adminAuditLogs": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AdminAuditLog"
},
"description": "Admin Audit Logs Filter"
},
"hadBreachInLast3Years": {
"type": "array",
"items": {
"$ref": "#/components/schemas/HadBreachInLast3Year"
},
"description": "Data Breaches in Last 3 Years Filter"
},
"havePoorItemsOfService": {
"type": "array",
"items": {
"$ref": "#/components/schemas/HavePoorItemsOfService"
},
"description": "Poor Terms of Service Filter"
},
"passwordStrength": {
"type": "array",
"items": {
"$ref": "#/components/schemas/PasswordStrength"
},
"description": "Password Strength Filter"
},
"sslPinned": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SslPinned"
},
"description": "SSL Pinned Filter"
},
"evasive": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Evasive"
},
"description": "Evasive Filter"
},
"haveHTTPSecurityHeaderSupport": {
"type": "array",
"items": {
"$ref": "#/components/schemas/HaveHTTPSecurityHeaderSupport"
},
"description": "HTTP Security Header Support Filter"
},
"dnsCAAPolicy": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DnsCAAPolicy"
},
"description": "DNS CAA Policy Filter"
},
"haveWeakCipherSupport": {
"type": "array",
"items": {
"$ref": "#/components/schemas/HaveWeakCipherSupport"
},
"description": "Weak Cipher Support Filter"
},
"sslCertificationValidity": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SslCertificationValidity"
},
"description": "SSL Certification Validity Filter"
},
"malwareScanningContent": {
"type": "array",
"items": {
"$ref": "#/components/schemas/MalwareScanningContent"
},
"description": "Malware Scanning Content Filter"
},
"fileSharing": {
"type": "array",
"items": {
"$ref": "#/components/schemas/FileSharing"
},
"description": "File Sharing Filter"
},
"remoteAccessScreenSharing": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RemoteAccessScreenSharing"
},
"description": "Remote Access Screen Sharing Filter"
},
"senderPolicyFramework": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SenderPolicyFramework"
},
"description": "Sender Policy Framework Filter"
},
"domainKeysIdentifiedMail": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DomainKeysIdentifiedMail"
},
"description": "DomainKeys Identified Mail Filter"
},
"domainBasedMessageAuthentication": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DomainBasedMessageAuthentication"
},
"description": "Domain-Based Message Authentication Filter"
},
"vulnerableDisclosureProgram": {
"type": "array",
"items": {
"$ref": "#/components/schemas/VulnerableDisclosureProgram"
},
"description": "Vulnerability Disclosure Policy Filter"
},
"wafSupport": {
"type": "array",
"items": {
"$ref": "#/components/schemas/WafSupport"
},
"description": "Support for WAF Filter"
},
"vulnerability": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Vulnerability"
},
"description": "Published CVE Vulnerability Filter"
},
"validSSLCertificate": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ValidSSLCertificate"
},
"description": "Valid SSL Certificate Filter"
},
"dataEncryptionInTransit": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DataEncryptionInTransit"
},
"description": "Data Encryption in Transit Filter"
},
"vulnerableToHeartBleed": {
"type": "array",
"items": {
"$ref": "#/components/schemas/VulnerableToHeartBleed"
},
"description": "Vulnerable to Heart Bleed Filter"
},
"vulnerableToPoodle": {
"type": "array",
"items": {
"$ref": "#/components/schemas/VulnerableToPoodle"
},
"description": "Vulnerable to Poodle Filter"
},
"vulnerableToLogJam": {
"type": "array",
"items": {
"$ref": "#/components/schemas/VulnerableToLogJam"
},
"description": "Vulnerable to Logjam Filter"
},
"certKeySize": {
"$ref": "#/components/schemas/IncludeExcludeMultiFilterOperationCertKeySize"
}
}
},
"ShadowITRequest": {
"title": "ShadowITRequest",
"type": "object",
"properties": {
"duration": {
"allOf": [
{
"$ref": "#/components/schemas/Duration"
},
{
"description": "Report Duration"
}
]
},
"application": {
"type": "array",
"items": {
"type": "string"
},
"description": "Applications filter"
},
"order": {
"$ref": "#/components/schemas/Order"
},
"downloadBytes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RangeLong"
},
"description": "Download Bytes Filter"
},
"uploadBytes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RangeLong"
},
"description": "Upload Bytes Filter"
},
"dataConsumed": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RangeLong"
},
"description": ""
},
"users": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityIdName"
},
"description": "Users Filter"
},
"locations": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityIdName"
},
"description": "Locations Filter"
},
"departments": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityIdName"
},
"description": "Department Filter"
}
}
},
"Order": {
"title": "Order",
"type": "object",
"properties": {
"on": {
"$ref": "#/components/schemas/On"
},
"by": {
"$ref": "#/components/schemas/By"
}
}
},
"RangeLong": {
"title": "RangeLong",
"type": "object",
"properties": {
"min": {
"type": "integer",
"format": "int64"
},
"max": {
"type": "integer",
"format": "int64"
}
}
},
"IncludeExcludeMultiFilterOperationVendorComplianceID": {
"title": "IncludeExcludeMultiFilterOperationVendorComplianceID",
"type": "object",
"properties": {
"operation": {
"$ref": "#/components/schemas/Operation"
},
"value": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Value"
},
"description": ""
}
}
},
"IncludeExcludeMultiFilterOperationCertKeySize": {
"title": "IncludeExcludeMultiFilterOperationCertKeySize",
"type": "object",
"properties": {
"operation": {
"$ref": "#/components/schemas/Operation"
},
"value": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Value1"
},
"description": ""
}
}
},
"EntityIdName": {
"title": "EntityIdName",
"type": "object",
"properties": {
"id": {
"type": "integer",
"format": "int32"
},
"pid": {
"type": "integer",
"format": "int32"
},
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"deleted": {
"type": "boolean"
},
"getlId": {
"type": "integer",
"format": "int64"
}
}
},
"GreTunnel": {
"title": "GreTunnel",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique identifier of the static IP address that is associated to a GRE tunnel",
"format": "int32",
"readOnly": true
},
"sourceIp": {
"type": "string",
"description": "The source IP address of the GRE tunnel. This is typically a static IP address in the organization or SD-WAN. This IP address must be provisioned within the Zscaler service using the /staticIP endpoint."
},
"primaryDestVip": {
"allOf": [
{
"$ref": "#/components/schemas/GreVirtualIp"
},
{
"description": "The primary destination data center and virtual IP address (VIP) of the GRE tunnel"
}
]
},
"secondaryDestVip": {
"allOf": [
{
"$ref": "#/components/schemas/GreVirtualIp"
},
{
"description": "The secondary destination data center and virtual IP address (VIP) of the GRE tunnel"
}
]
},
"internalIpRange": {
"type": "string",
"description": "The start of the internal IP address in /29 CIDR range"
},
"managedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "SD-WAN Partner that manages the location. If a partner does not manage the location, this is set to Self.
"
}
],
"readOnly": true
},
"lastModificationTime": {
"type": "integer",
"description": "When the GRE tunnel information was last modified",
"format": "int32"
},
"lastModifiedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "Who modified the GRE tunnel information last"
}
]
},
"withinCountry": {
"type": "boolean",
"description": "Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP address"
},
"comment": {
"type": "string",
"description": "Additional information about this GRE tunnel"
},
"ipUnnumbered": {
"type": "boolean",
"description": "This is required to support the automated SD-WAN provisioning of GRE tunnels, when set to true gre_tun_ip and gre_tun_id are set to null"
},
"subcloud": {
"type": "string",
"description": "Restrict the data center virtual IP addresses (VIPs) only to those part of the subcloud
"
}
},
"description": "GRE tunnel information"
},
"GreTunnelIPRange": {
"title": "GreTunnelIPRange",
"type": "object",
"properties": {
"startIPAddress": {
"type": "string",
"description": "Starting IP address in the range"
},
"endIPAddress": {
"type": "string",
"description": "Ending IP address in the range"
}
}
},
"IPv6Configuration": {
"title": "IPv6Configuration",
"type": "object",
"properties": {
"ipV6Enabled": {
"type": "boolean",
"description": "If set to true, IPv6 support is enabled for your organization. You can forward IPv6 traffic to the Zscaler service and enforce security policies. If set to false, IPv6 support is disabled for your organization."
},
"natPrefixes": {
"type": "array",
"items": {
"$ref": "#/components/schemas/IPv6PrefixMask"
},
"description": "NAT64 prefix information."
},
"dnsPrefix": {
"type": "array",
"items": {
"$ref": "#/components/schemas/IPv6PrefixMask"
},
"description": "DNS64 prefix information."
}
},
"description": "IPv6 configuration details."
},
"IPv6PrefixMask": {
"title": "IPv6PrefixMask",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "A unique identifier for the NAT64 prefix.",
"format": "int32"
},
"name": {
"type": "string",
"description": "The name of the NAT64 prefix."
},
"description": {
"type": "string",
"description": "The description of the NAT64 prefix."
},
"prefixMask": {
"type": "string",
"description": "The subnet mask for the NAT64 prefix."
},
"dnsPrefix": {
"type": "boolean",
"description": "Indicates whether or not this NAT64 prefix is the DNS64 prefix."
},
"nonEditable": {
"type": "boolean",
"description": "Indicates whether or not this NAT64 prefix is editable."
}
},
"description": "NAT64/DNS64 prefix information."
},
"IpDetails": {
"title": "IpDetails",
"type": "object",
"properties": {
"ipAddress": {
"type": "string"
},
"greEnabled": {
"type": "boolean",
"default": false
},
"greTunnelIP": {
"type": "string"
},
"primaryGW": {
"type": "string"
},
"secondaryGW": {
"type": "string"
},
"tunID": {
"type": "integer",
"format": "int32"
},
"greRangePrimary": {
"type": "string"
},
"greRangeSecondary": {
"type": "string"
}
}
},
"RegionInfo": {
"title": "RegionInfo",
"type": "object",
"properties": {
"cityGeoId": {
"type": "integer",
"description": "The geographical ID of the city",
"format": "int32"
},
"stateGeoId": {
"type": "integer",
"description": "The geographical ID of the state",
"format": "int32"
},
"latitude": {
"type": "number",
"description": "The latitude coordinate of the city"
},
"longitude": {
"type": "number",
"description": "The longitude coordinate of the city"
},
"cityName": {
"type": "string",
"description": "The name of the city"
},
"stateName": {
"type": "string",
"description": "The name of the state, province, or territory of a country"
},
"countryName": {
"type": "string",
"description": "The name of the country"
},
"countryCode": {
"type": "string",
"description": "The ISO standard two-letter country code"
},
"postalCode": {
"type": "string",
"description": "The postal code"
},
"continentCode": {
"type": "string",
"description": "The ISO standard two-letter continent code"
}
},
"description": "Information about a region or a city"
},
"StaticIP": {
"title": "StaticIP",
"required": [
"latitude",
"longitude"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "The unique identifier for the static IP address",
"format": "int32",
"readOnly": true
},
"ipAddress": {
"type": "string",
"description": "The static IP address"
},
"geoOverride": {
"type": "boolean",
"description": "If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided."
},
"latitude": {
"type": "number",
"description": "Required only if the geoOverride attribute is set. Latitude with 7 digit precision after decimal point, ranges between -90 and 90 degrees."
},
"longitude": {
"type": "number",
"description": "Required only if the geoOverride attribute is set. Longitude with 7 digit precision after decimal point, ranges between -180 and 180 degrees."
},
"routableIP": {
"type": "boolean",
"description": "Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization."
},
"managedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"lastModificationTime": {
"type": "integer",
"description": "When the static IP address was last modified",
"format": "int32",
"readOnly": true
},
"lastModifiedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "This is an immutable reference to an entity. which mainly consists of id and name"
}
]
},
"comment": {
"type": "string",
"description": "Additional information about this static IP address"
}
},
"description": "Static IP address information"
},
"PublicNode": {
"title": "PublicNode",
"type": "object",
"properties": {
"cloudName": {
"type": "string",
"description": "The Zscaler cloud name."
},
"region": {
"type": "string",
"description": "The region."
},
"country": {
"type": "string",
"description": "The country."
},
"city": {
"type": "string",
"description": "The city."
},
"dataCenter": {
"type": "string",
"description": "Data center name."
},
"location": {
"type": "string",
"description": "The location coordinates."
},
"vpnIps": {
"type": "array",
"items": {
"type": "string"
},
"description": "The VPN IP addresses."
},
"vpnDomainName": {
"type": "string",
"description": "The VPN server domain name."
},
"greIps": {
"type": "array",
"items": {
"type": "string"
},
"description": "The GRE IP addresses."
},
"greDomainName": {
"type": "string",
"description": "The proxy host name."
},
"pacIps": {
"type": "array",
"items": {
"type": "string"
},
"description": "The PAC IP addresses."
},
"pacDomainName": {
"type": "string",
"description": "The PAC server domain name."
},
"svpnIps": {
"type": "array",
"items": {
"type": "string"
},
"description": "The PAC IP addresses."
},
"svpnDomainName": {
"type": "string",
"description": "The PAC server domain name."
}
},
"description": "Public node details"
},
"DatacenterVips": {
"title": "DatacenterVips",
"type": "object",
"properties": {
"datacenter": {
"allOf": [
{
"$ref": "#/components/schemas/Datacenter"
},
{
"description": "Zscaler data center details."
}
]
},
"greVips": {
"type": "array",
"items": {
"$ref": "#/components/schemas/GreVirtualIp"
},
"description": "GRE cluster virtual IP addresses (VIPs)."
}
},
"description": "GRE cluster virtual IP addresses (VIPs) that belong to a Zscaler data center."
},
"GreVirtualIp": {
"title": "GreVirtualIp",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Unique identifer of the GRE virtual IP address (VIP)",
"format": "int32"
},
"virtualIp": {
"type": "string",
"description": "GRE cluster virtual IP address (VIP)"
},
"privateServiceEdge": {
"type": "boolean",
"description": "Set to true if the virtual IP address (VIP) is a ZIA Private Service Edge",
"readOnly": true
},
"datacenter": {
"type": "string",
"description": "Data center information",
"readOnly": true
}
},
"description": "GRE cluster virtual IP address (VIP) and data center information"
},
"Datacenter": {
"title": "Datacenter",
"type": "object",
"properties": {
"datacenter": {
"type": "string",
"description": "Zscaler data center name.",
"readOnly": true
}
},
"description": "Zscaler data center information."
},
"UrlFilteringRule": {
"title": "UrlFilteringRule",
"required": [
"name"
],
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "URL Filtering Rule ID",
"format": "int32"
},
"name": {
"type": "string",
"description": "Rule Name"
},
"order": {
"type": "integer",
"description": "Order of execution of rule with respect to other URL Filtering rules",
"format": "int32"
},
"protocols": {
"type": "array",
"items": {
"$ref": "#/components/schemas/Protocol1"
},
"description": "Protocol criteria"
},
"locations": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of locations for which rule must be applied"
},
"groups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of groups for which rule must be applied"
},
"departments": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of departments for which rule must be applied"
},
"users": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of users for which rule must be applied"
},
"urlCategories": {
"type": "array",
"items": {
"$ref": "#/components/schemas/UrlCategory1"
},
"description": "List of URL categories for which rule must be applied"
},
"state": {
"allOf": [
{
"$ref": "#/components/schemas/State3"
},
{
"description": "Rule State"
}
]
},
"timeWindows": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of time interval during which rule must be enforced."
},
"workloadGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/WorkloadGroup"
},
"description": "The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups."
},
"rank": {
"type": "integer",
"description": "Admin rank of the admin who creates this rule",
"format": "int32"
},
"requestMethods": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RequestMethod"
},
"description": "Request method for which the rule must be applied. If not set, rule is applied to all methods"
},
"endUserNotificationUrl": {
"type": "string",
"description": "URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified."
},
"overrideUsers": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of users for which this rule can be overridden. Applicable only if blockOverride is set to 'true', action is 'BLOCK' and overrideGroups is not set.If this overrideUsers is not set, 'BLOCK' action can be overridden for any user."
},
"overrideGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of groups for which this rule can be overridden. Applicable only if blockOverride is set to 'true' and action is 'BLOCK'. If this overrideGroups is not set, 'BLOCK' action can be overridden for any group."
},
"blockOverride": {
"type": "boolean",
"description": "When set to true, a 'BLOCK' action triggered by the rule could be overridden. If true and both overrideGroup and overrideUsers are not set, the BLOCK triggered by this rule could be overridden for any users. If blockOverride is not set, 'BLOCK' action cannot be overridden.",
"default": false
},
"timeQuota": {
"type": "integer",
"description": "Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.",
"format": "int32"
},
"sizeQuota": {
"type": "integer",
"description": "Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.",
"format": "int32"
},
"description": {
"type": "string",
"description": "Additional information about the URL Filtering rule"
},
"locationGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of the location groups to which the rule must be applied."
},
"labels": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "The URL Filtering rule's label. Rule labels allow you to logically group your organization's policy rules. Policy rules that are not associated with a rule label are grouped under the Untagged label."
},
"validityStartTime": {
"type": "integer",
"description": "If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.",
"format": "int32"
},
"validityEndTime": {
"type": "integer",
"description": "If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.",
"format": "int32"
},
"validityTimeZoneId": {
"type": "string",
"description": "If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID."
},
"lastModifiedTime": {
"type": "integer",
"description": "When the rule was last modified",
"format": "int32"
},
"lastModifiedBy": {
"allOf": [
{
"$ref": "#/components/schemas/EntityReference"
},
{
"description": "Who modified the rule last"
}
]
},
"enforceTimeValidity": {
"type": "boolean",
"description": "Enforce a set a validity time period for the URL Filtering rule. To learn more, see Configuring the URL Filtering Policy."
},
"devices": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "Name-ID pairs of devices for which rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
"
},
"deviceGroups": {
"type": "array",
"items": {
"$ref": "#/components/schemas/EntityReference"
},
"description": "This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
"
},
"deviceTrustLevels": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DeviceTrustLevel"
},
"description": "List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
"
},
"action": {
"allOf": [
{
"$ref": "#/components/schemas/Action4"
},
{
"description": "Action taken when traffic matches rule criteria.
Note: The ISOLATE action is available only if Cloud Browser Isolation is enabled for your organization. To learn more, see Configuring the URL Filtering Policy.
"
}
]
},
"cbiProfile": {
"allOf": [
{
"$ref": "#/components/schemas/BrowserIsolationProfile"
},
{
"description": "The cloud browser isolation profile to which the ISOLATE action is applied in the URL Filtering Policy rules.
Note: This parameter is required for the ISOLATE action and is not applicable to other actions.
"
}
]
},
"ciparule": {
"type": "boolean",
"description": "If set to true, the CIPA Compliance rule is enabled",
"default": false
}
},
"description": "URL Filtering Rule"
},
"AccessControl": {
"title": "AccessControl",
"enum": [
"NONE",
"READ_ONLY",
"READ_WRITE"
],
"type": "string",
"description": "The access privilege for this DLP policy rule based on the admin's state."
},
"Action": {
"title": "Action",
"enum": [
"PHRASE_COUNT_TYPE_UNIQUE",
"PHRASE_COUNT_TYPE_ALL"
],
"type": "string",
"description": "The action applied to a DLP dictionary using phrases"
},
"Action1": {
"title": "Action1",
"enum": [
"PATTERN_COUNT_TYPE_ALL",
"PATTERN_COUNT_TYPE_UNIQUE"
],
"type": "string",
"description": "The action applied to a DLP dictionary using patterns"
},
"Action2": {
"title": "Action2",
"enum": [
"ANY",
"NONE",
"BLOCK",
"ALLOW",
"ICAP_RESPONSE"
],
"type": "string",
"description": "The action taken when traffic matches the DLP policy rule criteria."
},
"Action3": {
"title": "Action3",
"enum": [
"ALLOW",
"BLOCK_DROP",
"BLOCK_RESET",
"BLOCK_ICMP",
"EVAL_NWAPP"
],
"type": "string",
"description": "The action the Firewall Filtering policy rule takes when packets match the rule"
},
"Action4": {
"title": "Action4",
"enum": [
"BLOCK",
"CAUTION",
"ALLOW",
"ISOLATE",
"ICAP_RESPONSE"
],
"type": "string",
"description": "Action taken when traffic matches rule criteria.
Note: The ISOLATE action is available only if Cloud Browser Isolation is enabled for your organization. To learn more, see Configuring the URL Filtering Policy.
"
},
"action5": {
"title": "action5",
"enum": [
"ADD_TO_LIST",
"REMOVE_FROM_LIST"
],
"type": "string"
},
"AdminAcctAccess": {
"title": "AdminAcctAccess",
"enum": [
"NONE|READ_WRITE"
],
"type": "string",
"description": "Admin and role management access permission."
},
"AdminAuditLog": {
"title": "AdminAuditLog",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"AnalysisAccess": {
"title": "AnalysisAccess",
"enum": [
"NONE|READ_ONLY"
],
"type": "string",
"description": "Insights logs access permission."
},
"appId": {
"title": "appId",
"type": "string"
},
"ApplicationCategory": {
"title": "ApplicationCategory",
"type": "string"
},
"By": {
"title": "By",
"enum": [
"INCREASING",
"DECREASING"
],
"type": "string"
},
"CloudApplication2": {
"title": "CloudApplication2",
"type": "string"
},
"ConfidenceThreshold": {
"title": "ConfidenceThreshold",
"enum": [
"CONFIDENCE_LEVEL_LOW",
"CONFIDENCE_LEVEL_MEDIUM",
"CONFIDENCE_LEVEL_HIGH"
],
"type": "string",
"description": "The DLP confidence threshold"
},
"Country": {
"title": "Country",
"type": "string"
},
"Country2": {
"title": "Country2",
"type": "string",
"description": "Country where your organization is located"
},
"Country3": {
"title": "Country3",
"type": "string",
"description": "Country"
},
"Country4": {
"title": "Country4",
"type": "string",
"description": "Country"
},
"Country5": {
"title": "Country5",
"type": "string"
},
"CurrentState": {
"title": "CurrentState",
"enum": [
"GENERAL_DONE",
"KEYGEN_DONE",
"PUBKEY_DONE",
"ATTESTATION_DONE",
"ATTESTATION_VERIFY_DONE",
"CSRGEN_DONE",
"INTCERT_UPLOAD_DONE",
"CERTCHAIN_UPLOAD_DONE",
"CERT_READY"
],
"type": "string",
"description": "Tracks the progress of the intermediate CA certificate in the configuration workflow
"
},
"CustomPhraseMatchType": {
"title": "CustomPhraseMatchType",
"enum": [
"MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY",
"MATCH_ANY_CUSTOM_PHRASE_PATTERN_DICTIONARY"
],
"type": "string",
"description": "The DLP custom phrase match type"
},
"DashboardAccess": {
"title": "DashboardAccess",
"enum": [
"NONE|READ_ONLY"
],
"type": "string",
"description": "Dashboard access permission."
},
"DataEncryptionInTransit": {
"title": "DataEncryptionInTransit",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"DayOfWeek": {
"title": "DayOfWeek",
"enum": [
"ANY",
"NONE",
"EVERYDAY",
"SUN",
"MON",
"TUE",
"WED",
"THU",
"FRI",
"SAT"
],
"type": "string"
},
"DestCountry": {
"title": "DestCountry",
"type": "string"
},
"DestCountry1": {
"title": "DestCountry1",
"type": "string"
},
"DestIpCategory": {
"title": "DestIpCategory",
"type": "string"
},
"DestIpCategory1": {
"title": "DestIpCategory1",
"type": "string"
},
"DeviceGroupType": {
"title": "DeviceGroupType",
"enum": [
"ZCC_OS",
"NON_ZCC",
"CBI"
],
"type": "string",
"description": "The device group type."
},
"DeviceTrustLevel": {
"title": "DeviceTrustLevel",
"enum": [
"ANY",
"UNKNOWN_DEVICETRUSTLEVEL",
"LOW_TRUST",
"MEDIUM_TRUST",
"HIGH_TRUST"
],
"type": "string"
},
"DictionaryType": {
"title": "DictionaryType",
"enum": [
"PATTERNS_AND_PHRASES",
"EXACT_DATA_MATCH",
"INDEXED_DATA_MATCH"
],
"type": "string",
"description": "The DLP dictionary type."
},
"DisplayTimeUnit": {
"title": "DisplayTimeUnit",
"enum": [
"MINUTE",
"HOUR",
"DAY"
],
"type": "string",
"description": "Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
"
},
"getPredefinedHierarchicalIdentifiersByDictionaryIdResponse": {
"title": "getPredefinedHierarchicalIdentifiersByDictionaryIdResponse",
"type": "string"
},
"DnsCAAPolicy": {
"title": "DnsCAAPolicy",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"DomainBasedMessageAuthentication": {
"title": "DomainBasedMessageAuthentication",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"DomainKeysIdentifiedMail": {
"title": "DomainKeysIdentifiedMail",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"Duration": {
"title": "Duration",
"enum": [
"LAST_1_DAYS",
"LAST_7_DAYS",
"LAST_15_DAYS",
"LAST_MONTH",
"LAST_QUARTER"
],
"type": "string",
"description": "Report Duration"
},
"Employee": {
"title": "Employee",
"enum": [
"NONE",
"RANGE_1_100",
"RANGE_100_1000",
"RANGE_1000_10000",
"RANGE_10000_INF"
],
"type": "string"
},
"entity": {
"title": "entity",
"enum": [
"USER",
"LOCATION"
],
"type": "string"
},
"ErrorCode": {
"title": "ErrorCode",
"type": "string"
},
"Evasive": {
"title": "Evasive",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"excludeType": {
"title": "excludeType",
"enum": [
"DSTN_IP",
"DSTN_FQDN",
"DSTN_DOMAIN",
"DSTN_OTHER"
],
"type": "string"
},
"FileSharing": {
"title": "FileSharing",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"FileType": {
"title": "FileType",
"type": "string"
},
"FileUploadStatus": {
"title": "FileUploadStatus",
"enum": [
"ADP_SCHEMA_CREATED",
"ADP_FILE_PROCESSING",
"ADP_FILE_UPLOAD_COMPLETED",
"ADP_FILE_VALIDATION_FAILURE",
"ADP_FILE_DELETE_FAILURE",
"ADP_MD5_CONVERSION_FAILURE",
"ADP_FILE_UPLOAD_ERROR",
"ADP_RESERVE_CELLS_ERROR",
"ADP_GENERIC_ERROR",
"ADP_CDSSDLP_COMM_FAIL",
"ADP_CDSSDLP_REJECT",
"ADP_FILE_UPLOAD_ABORTED",
"FAIL",
"ADP_FILE_UPLOAD_IN_PROGRESS",
"ADP_FILE_BUCKET_COLLISION",
"ADP_FILE_PRIM_KEY_DUPLICATE"
],
"type": "string",
"description": "The status of the EDM template's CSV file upload to the Index Tool. This attribute is required by PUT and POST requests."
},
"ForwardMethod": {
"title": "ForwardMethod",
"enum": [
"INVALID",
"DIRECT",
"PROXYCHAIN",
"ZIA",
"ZPA",
"ECZPA",
"ECSELF",
"DROP"
],
"type": "string",
"description": "The type of traffic forwarding method selected from the available options"
},
"GroupType": {
"title": "GroupType",
"enum": [
"ZCC_OS",
"NON_ZCC",
"CBI"
],
"type": "string",
"description": "The device group type."
},
"GroupType1": {
"title": "GroupType1",
"enum": [
"STATIC_GROUP",
"DYNAMIC_GROUP"
],
"type": "string",
"description": "The location group's type (i.e., Static or Dynamic)"
},
"HadBreachInLast3Year": {
"title": "HadBreachInLast3Year",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"HaveHTTPSecurityHeaderSupport": {
"title": "HaveHTTPSecurityHeaderSupport",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"HavePoorItemsOfService": {
"title": "HavePoorItemsOfService",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"HaveWeakCipherSupport": {
"title": "HaveWeakCipherSupport",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"HierarchicalIdentifier": {
"title": "HierarchicalIdentifier",
"type": "string"
},
"Id": {
"title": "Id",
"type": "string"
},
"include": {
"title": "include",
"enum": [
"all",
"private",
"public"
],
"type": "string"
},
"IpCategory": {
"title": "IpCategory",
"type": "string"
},
"IpCategory1": {
"title": "IpCategory1",
"type": "string"
},
"LogsLimit": {
"title": "LogsLimit",
"enum": [
"UNRESTRICTED",
"MONTH_1",
"MONTH_2",
"MONTH_3",
"MONTH_4",
"MONTH_5",
"MONTH_6"
],
"type": "string",
"description": "Log range limit."
},
"MalwareScanningContent": {
"title": "MalwareScanningContent",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"MatchAccuracy": {
"title": "MatchAccuracy",
"enum": [
"LOW",
"MEDIUM",
"HEAVY"
],
"type": "string",
"description": "The IDM template match accuracy."
},
"MatchType": {
"title": "MatchType",
"enum": [
"CONTAINS",
"EQUALS",
"STARTS_WITH",
"ENDS_WITH"
],
"type": "string",
"description": "Operator that performs match action"
},
"MfaSupport": {
"title": "MfaSupport",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"NetworkApplication": {
"title": "NetworkApplication",
"type": "string"
},
"NwApplication": {
"title": "NwApplication",
"type": "string"
},
"NwApplication1": {
"title": "NwApplication1",
"type": "string"
},
"On": {
"title": "On",
"enum": [
"RISK_SCORE",
"APPLICATION",
"APPLICATION_CATEGORY",
"SANCTIONED_STATE",
"TOTAL_BYTES",
"UPLOAD_BYTES",
"DOWNLOAD_BYTES",
"AUTHENTICATED_USERS",
"TRANSACTION_COUNT",
"UNAUTH_LOCATION",
"LAST_ACCESSED"
],
"type": "string"
},
"Operation": {
"title": "Operation",
"enum": [
"INCLUDE",
"EXCLUDE"
],
"type": "string"
},
"Operator": {
"title": "Operator",
"enum": [
"AND",
"OR",
"OPEN_PARENTHESES",
"CLOSE_PARENTHESES"
],
"type": "string",
"description": "The operator (either AND or OR) used to create logical relationships among tag types"
},
"Operator1": {
"title": "Operator1",
"enum": [
"AND",
"OR",
"OPEN_PARENTHESES",
"CLOSE_PARENTHESES"
],
"type": "string",
"description": "The logical operator (either AND or OR) used to combine the tags within a tag type"
},
"OsType": {
"title": "OsType",
"enum": [
"ANY",
"OTHER_OS",
"IOS",
"ANDROID_OS",
"WINDOWS_OS",
"MAC_OS",
"LINUX"
],
"type": "string",
"description": "The operating system (OS)."
},
"osType1": {
"title": "osType1",
"enum": [
"ANY",
"OTHER_OS",
"IOS",
"ANDROID_OS",
"WINDOWS_OS",
"MAC_OS",
"LINUX"
],
"type": "string"
},
"ParentCategory": {
"title": "ParentCategory",
"enum": [
"ANY",
"NONE",
"WEBMAIL",
"SOCIAL",
"INSTANT_MESSAGING",
"P2P",
"STREAMING",
"WEBSEARCH",
"MALWARE",
"IMAGEHOST",
"CLOUDINT",
"ENTERPRISE",
"BUSINESS",
"MAPPSTORE",
"UNCATEGORIZED",
"GAMING",
"NETWORK_MGMT",
"AUTHENTICATION",
"APP_SERVICE",
"TUNNELING",
"FILE_SERVER_TRANSER",
"DATABASE",
"CONFERENCE",
"REMOTE",
"MOBILE",
"WEB",
"INDETERMINATE",
"NETWORK_SERVICE",
"OFWBYPASS"
],
"type": "string"
},
"PasswordStrength": {
"title": "PasswordStrength",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"Permission": {
"title": "Permission",
"type": "string"
},
"PolicyAccess": {
"title": "PolicyAccess",
"enum": [
"NONE|READ_ONLY|READ_WRITE"
],
"type": "string",
"description": "Policy access permission."
},
"PredefinedCountActionType": {
"title": "PredefinedCountActionType",
"enum": [
"PHRASE_COUNT_TYPE_UNIQUE",
"PHRASE_COUNT_TYPE_ALL"
],
"type": "string",
"description": "This field specifies whether duplicate matches of a phrase from a dictionary must be counted individually toward the match count or ignored, thereby maintaining a single count for multiple occurrences.
Note: This field is currently applicable only to the predefined Names dictionaries, such as Names (US), Names (Canada), and Names (Spain).
"
},
"Profile": {
"title": "Profile",
"enum": [
"NONE",
"CORPORATE",
"SERVER",
"GUESTWIFI",
"IOT"
],
"type": "string",
"description": "(Optional) Profile tag that specifies the location traffic type. If not specified, this tag is automatically set to best possible value using certain criteria.
The criteria used for setting best possible value is as follows:
\n \n - When invoked with a partner API key, it automatically sets the profile attribute to CORPORATE.
\n - When invoked using public API, it automatically sets the profile attribute based on the following criteria:\n
\n - If the location has authentication enabled, then it sets profile to CORPORATE.
\n - If the location has authentication disabled and name contains \"guest\", then it sets profile to GUESTWIFI.
\n - For all other locations with authentication disabled, it sets profile to SERVER.
\n \n
"
},
"Profile1": {
"title": "Profile1",
"enum": [
"NONE",
"CORPORATE",
"SERVER",
"GUESTWIFI",
"IOT"
],
"type": "string"
},
"ProfileType": {
"title": "ProfileType",
"enum": [
"LOCAL",
"REMOTECRON",
"REMOTE"
],
"type": "string",
"description": "The IDM template's type."
},
"Protocol": {
"title": "Protocol",
"enum": [
"ANY_RULE",
"FTP_RULE",
"HTTPS_RULE",
"HTTP_RULE"
],
"type": "string"
},
"Protocol1": {
"title": "Protocol1",
"enum": [
"SMRULEF_ZPA_BROKERS_RULE",
"ANY_RULE",
"TCP_RULE",
"UDP_RULE",
"DOHTTPS_RULE",
"TUNNELSSL_RULE",
"HTTP_PROXY",
"FOHTTP_RULE",
"FTP_RULE",
"HTTPS_RULE",
"HTTP_RULE",
"SSL_RULE",
"TUNNEL_RULE"
],
"type": "string"
},
"protocol2": {
"title": "protocol2",
"enum": [
"ICMP",
"TCP",
"UDP",
"GRE",
"ESP",
"OTHER"
],
"type": "string"
},
"Region": {
"title": "Region",
"enum": [
"GLOBAL",
"ASIA",
"EUROPE",
"US"
],
"type": "string",
"description": "Location of the HSM resources. Required for custom intermediate CA certificates with cloud HSM protection.
"
},
"RemoteAccessScreenSharing": {
"title": "RemoteAccessScreenSharing",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"ReportAccess": {
"title": "ReportAccess",
"enum": [
"NONE|READ_ONLY|READ_WRITE"
],
"type": "string",
"description": "Report access permission."
},
"RequestMethod": {
"title": "RequestMethod",
"enum": [
"OPTIONS",
"GET",
"HEAD",
"POST",
"PUT",
"DELETE",
"TRACE",
"CONNECT",
"OTHER"
],
"type": "string"
},
"ResCategory": {
"title": "ResCategory",
"type": "string"
},
"RoleType": {
"title": "RoleType",
"enum": [
"ORG_ADMIN|EXEC_INSIGHT|EXEC_INSIGHT_AND_ORG_ADMIN|SDWAN"
],
"type": "string",
"description": "The admin role type. ()This attribute is subject to change.)"
},
"SanctionedState": {
"title": "SanctionedState",
"enum": [
"UN_SANCTIONED",
"SANCTIONED",
"ANY"
],
"type": "string",
"description": "The cloud application status that indicates whether it is sanctioned or unsanctioned"
},
"SanctionedState1": {
"title": "SanctionedState1",
"enum": [
"UN_SANCTIONED",
"SANCTIONED",
"ANY"
],
"type": "string"
},
"ScheduleDayOfMonth": {
"title": "ScheduleDayOfMonth",
"type": "string"
},
"ScheduleDayOfWeek": {
"title": "ScheduleDayOfWeek",
"enum": [
"SUN",
"MON",
"TUE",
"WED",
"THU",
"FRI",
"SAT"
],
"type": "string"
},
"ScheduleType": {
"title": "ScheduleType",
"enum": [
"NONE",
"MONTHLY",
"WEEKLY",
"DAILY"
],
"type": "string",
"description": "The schedule type for the EDM schema (i.e., EDM template), Monthly, Weekly, Daily, or None. This attribute is required by PUT and POST requests."
},
"ScheduleType1": {
"title": "ScheduleType1",
"enum": [
"NONE",
"MONTHLY",
"WEEKLY",
"DAILY"
],
"type": "string",
"description": "The schedule type for the IDM template's schedule (i.e., Monthly, Weekly, Daily, or None). This attribute is required by PUT and POST requests."
},
"SecondaryFieldMatchOn": {
"title": "SecondaryFieldMatchOn",
"enum": [
"MATCHON_NONE",
"MATCHON_ANY_1",
"MATCHON_ANY_2",
"MATCHON_ANY_3",
"MATCHON_ANY_4",
"MATCHON_ANY_5",
"MATCHON_ANY_6",
"MATCHON_ANY_7",
"MATCHON_ANY_8",
"MATCHON_ANY_9",
"MATCHON_ANY_10",
"MATCHON_ANY_11",
"MATCHON_ANY_12",
"MATCHON_ANY_13",
"MATCHON_ANY_14",
"MATCHON_ANY_15",
"MATCHON_ALL"
],
"type": "string",
"description": "The EDM secondary field to match on."
},
"SenderPolicyFramework": {
"title": "SenderPolicyFramework",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"Severity": {
"title": "Severity",
"enum": [
"RULE_SEVERITY_HIGH",
"RULE_SEVERITY_MEDIUM",
"RULE_SEVERITY_LOW",
"RULE_SEVERITY_INFO"
],
"type": "string",
"description": "Indicates the severity selected for the DLP rule violation"
},
"SignatureAlgorithm": {
"title": "SignatureAlgorithm",
"enum": [
"SHA256"
],
"type": "string",
"description": "Signature algorithm to be used for generating intermediate CA certificate. Default value: SHA256"
},
"SignatureAlgorithm1": {
"title": "SignatureAlgorithm1",
"enum": [
"SHA_1",
"SHA_256"
],
"type": "string",
"description": "Signature Algorithm"
},
"SourceCountry": {
"title": "SourceCountry",
"type": "string"
},
"SourceIpRestriction": {
"title": "SourceIpRestriction",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"SslCertificationValidity": {
"title": "SslCertificationValidity",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"SslPinned": {
"title": "SslPinned",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"State": {
"title": "State",
"enum": [
"DISABLED",
"ENABLED"
],
"type": "string",
"description": "Enables or disables the DLP policy rule."
},
"State1": {
"title": "State1",
"enum": [
"DISABLED",
"ENABLED"
],
"type": "string",
"description": "Determines whether the Firewall Filtering policy rule is enabled or disabled"
},
"State2": {
"title": "State2",
"enum": [
"DISABLED",
"ENABLED"
],
"type": "string",
"description": "Indicates whether the forwarding rule is enabled or disabled"
},
"State3": {
"title": "State3",
"enum": [
"DISABLED",
"ENABLED"
],
"type": "string",
"description": "Rule State"
},
"Status": {
"title": "Status",
"enum": [
"ENABLED",
"DISABLED"
],
"type": "string",
"description": "The DLP server status"
},
"Status1": {
"title": "Status1",
"enum": [
"ENABLED",
"DISABLED",
"DISABLED_BY_SERVICE_PROVIDER",
"NOT_PROVISIONED_IN_SERVICE_PROVIDER"
],
"type": "string",
"description": "The status of the Incident Receiver."
},
"Status2": {
"title": "Status2",
"enum": [
"INIT",
"EXECUTING",
"COMPLETE",
"CANCELLED",
"ERRORED",
"VALIDATING",
"STOP"
],
"type": "string",
"description": "Status of running task"
},
"Status3": {
"title": "Status3",
"enum": [
"ENABLED",
"DISABLED"
],
"type": "string",
"description": "Determines whether the intermediate CA certificate is enabled or disabled for SSL inspection. Subscription to cloud HSM protection allows a maximum of four active certificates for SSL inspection at a time, whereas software protection subscription allows only one active certificate.
"
},
"SurrogateRefreshTimeUnit": {
"title": "SurrogateRefreshTimeUnit",
"enum": [
"MINUTE",
"HOUR",
"DAY"
],
"type": "string",
"description": "Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
"
},
"Tag1": {
"title": "Tag1",
"type": "string"
},
"TagType": {
"title": "TagType",
"enum": [
"ANY",
"VPC",
"SUBNET",
"VM",
"ENI",
"ATTR"
],
"type": "string",
"description": "The tag type selected from a predefined list"
},
"ThresholdType": {
"title": "ThresholdType",
"enum": [
"VIOLATION_COUNT_ONLY",
"CONFIDENCE_SCORE_ONLY",
"VIOLATION_AND_CONFIDENCE"
],
"type": "string",
"description": "DLP threshold type"
},
"Type": {
"title": "Type",
"enum": [
"ORGANIZATION",
"DEPARTMENT",
"LOCATION",
"LOCATION_GROUP"
],
"type": "string",
"description": "The admin scope type. The attribute name is subject to change."
},
"Type1": {
"title": "Type1",
"enum": [
"SUPERADMIN",
"ADMIN",
"AUDITOR",
"GUEST",
"REPORT_USER",
"UNAUTH_TRAFFIC_DEFAULT"
],
"type": "string",
"description": "User type. Provided only if this user is not an end user."
},
"Type2": {
"title": "Type2",
"type": "string",
"description": "The token type. This attribute is required by PUT and POST requests."
},
"Type3": {
"title": "Type3",
"enum": [
"DSTN_IP",
"DSTN_FQDN",
"DSTN_DOMAIN",
"DSTN_OTHER"
],
"type": "string",
"description": "Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)"
},
"Type5": {
"title": "Type5",
"enum": [
"STANDARD",
"PREDEFINED",
"CUSTOM"
],
"type": "string"
},
"Type6": {
"title": "Type6",
"enum": [
"FIREWALL",
"DNS",
"DNAT",
"SNAT",
"FORWARDING",
"INTRUSION_PREVENTION",
"EC_DNS",
"EC_RDR",
"EC_SELF",
"DNS_RESPONSE"
],
"type": "string",
"description": "The rule type selected from the available options"
},
"Type7": {
"title": "Type7",
"enum": [
"ZPA",
"ECZPA"
],
"type": "string",
"description": "Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA)"
},
"Type8": {
"title": "Type8",
"enum": [
"ZSCALER",
"CUSTOM_SW",
"CUSTOM_HSM"
],
"type": "string",
"description": "Type of the intermediate CA certificate. Available types: Zscaler’s intermediate CA certificate (provided by Zscaler), custom intermediate certificate with software protection, and custom intermediate certificate with cloud HSM protection.
"
},
"Type9": {
"title": "Type9",
"enum": [
"CN",
"IP",
"UFQDN",
"XAUTH"
],
"type": "string",
"description": "VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created.
Note: Zscaler no longer supports adding a new XAUTH VPN credential, but existing entries can be edited or deleted using the respective endpoints.
"
},
"type10": {
"title": "type10",
"enum": [
"DSTN_IP",
"DSTN_FQDN",
"DSTN_DOMAIN",
"DSTN_OTHER"
],
"type": "string"
},
"type12": {
"title": "type12",
"enum": [
"CN",
"IP",
"UFQDN",
"XAUTH"
],
"type": "string"
},
"Tz": {
"title": "Tz",
"type": "string",
"description": "Timezone of the location. If not specified, it defaults to GMT."
},
"Tz1": {
"title": "Tz1",
"type": "string",
"description": "Timezone of the location. If not specified, it defaults to GMT."
},
"UploadStatus": {
"title": "UploadStatus",
"enum": [
"IDM_PROF_CREATED",
"IDM_PROF_PROCESSING",
"IDM_PROF_UPLOAD_COMPLETED",
"IDM_PROF_VALIDATION_FAILURE",
"IDM_PROF_DEL_FAILURE",
"IDM_PROF_MD5_CONVERSION_FAILURE",
"IDM_PROF_UPLOAD_ERROR",
"IDM_PROF_RESV_CRED_ERROR",
"IDM_PROF_GENERIC_ERROR",
"IDM_PROF_CDSSDLP_COMM_FAIL",
"IDM_PROF_CDSSDLP_REJECT",
"IDM_PROF_UPLOAD_ABORTED",
"FAIL"
],
"type": "string",
"description": "The status of the file uploaded to the Index Tool for the IDM template."
},
"UrlCategory": {
"title": "UrlCategory",
"type": "string"
},
"UrlCategory1": {
"title": "UrlCategory1",
"type": "string"
},
"UsernameAccess": {
"title": "UsernameAccess",
"enum": [
"NONE|READ_ONLY"
],
"type": "string",
"description": "Username access permission. When set to NONE, the username is obfuscated."
},
"ValidSSLCertificate": {
"title": "ValidSSLCertificate",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"Value": {
"title": "Value",
"enum": [
"NONE",
"CSA_STAR",
"ISO_27001",
"HIPAA",
"FISMA",
"FEDRAMP",
"SOC2",
"ISO_27018",
"PCI_DSS",
"ISO_27017",
"SOC1",
"SOC3",
"GDPR",
"CCPA",
"FERPA",
"COPPA",
"HITECH",
"EU_US_SWISS_PRIVACY_SHIELD",
"EU_US_PRIVACY_SHIELD_FRAMEWORK",
"CISP",
"AICPA",
"FIPS",
"SAFE_BIOPHARMA",
"ISAE_3000",
"SSAE_18",
"NIST",
"ISO_14001",
"SOC",
"TRUSTE",
"ISO_26262",
"ISO_20252",
"RGPD",
"ISO_20243",
"ISO_10002",
"JIS_Q_15001_2017",
"ISMAP"
],
"type": "string"
},
"Value1": {
"title": "Value1",
"enum": [
"NONE",
"UN_KNOWN",
"BITS_2048",
"BITS_256",
"BITS_3072",
"BITS_384",
"BITS_4096",
"BITS_1024"
],
"type": "string"
},
"VulnerableDisclosureProgram": {
"title": "VulnerableDisclosureProgram",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"VulnerableToHeartBleed": {
"title": "VulnerableToHeartBleed",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"VulnerableToLogJam": {
"title": "VulnerableToLogJam",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"VulnerableToPoodle": {
"title": "VulnerableToPoodle",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
},
"WafSupport": {
"title": "WafSupport",
"enum": [
"YES",
"NO",
"UNKNOWN"
],
"type": "string"
}
}
}
}