Submits raw or archive files (e.g., ZIP) to Sandbox for analysis. You can submit up to 100 files per day and it supports all file types that are currently supported by Sandbox. To learn more, see About Sandbox. By default, files are scanned by Zscaler antivirus (AV) and submitted directly to the sandbox in order to obtain a verdict. However, if a verdict already exists for the file, you can use the 'force' parameter to make the sandbox to reanalyze it.
You must have a Sandbox policy rule configured within the ZIA Admin Portal in order to analyze files that aren't present in the default policy rule. Ensure that you have explicitly added Sandbox policy rules that include the appropriate file types within your request. If not, an 'Unknown' message is shown in the response.
To learn more, see Configuring the Sandbox Policy and Configuring the Default Sandbox Rule.
After files are sent for analysis, you must use GET /sandbox/report/{md5Hash} in order to retrieve the verdict. You can get the Sandbox report 10 minutes after a file is sent for analysis.
operationId: submitFile parameters: - name: api_token in: query description:The Sandbox API token obtained from the ZIA Admin Portal to be used for authenticating the Sandbox Submission API. To learn more, see Managing Sandbox API Token.
required: true style: form explode: true schema: type: string - name: force in: query description:Submit file to sandbox even if found malicious during AV scan and a verdict already exists.
style: form explode: true schema: allOf: - $ref: '#/components/schemas/force1' - description:Submit file to sandbox even if found malicious during AV scan and a verdict already exists.
responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/SandboxSubmissionResponse' - description: Sandbox submission response information. deprecated: false /zscsb/discan: post: tags: - Sandbox Submission API summary: submitFileForScan description: 'Submits raw or archive files (e.g., ZIP) to the Zscaler service for out-of-band file inspection to generate real-time verdicts for known and unknown files. It leverages capabilities such as Malware Prevention, Advanced Threat Prevention, Sandbox cloud effect, AI/ML-driven file analysis, and integrated third-party threat intelligence feeds to inspect files and classify them as benign or malicious instantaneously.
All file types that are currently supported by the Malware Protection policy and Advanced Threat Protection policy are supported for inspection, and each file is limited to a size of 400 MB.
Note: Dynamic file analysis is not included in out-of-band file inspection.
' operationId: submitFileForScan parameters: - name: api_token in: query description:The Sandbox API token obtained from the ZIA Admin Portal to be used for authenticating the Sandbox Submission API. To learn more, see Managing Sandbox API Token.
required: true style: form explode: true schema: type: string responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/DIScanSubmissionResponse' - description: Information about the file inspection results deprecated: false /apps/app: get: tags: - Applications summary: getApp description: > https://api.apptotal.zscaler.com/v1/apps/appapp_id or url—for your search. If you use both an app ID and a URL for your search, an error is returned. 200 response is received and the app's information is returned. 202 response is received and the app is submitted for analysis in the AppTotal Sandbox. GET request is required to fetch the app's information. As a best practice, allow 24 hours for analysis and then resubmit the required GET request. 404 response is received.400 response is received.GET request is required to fetch the app's information.
operationId: postApp
parameters: []
requestBody:
description: The app identifier (e.g., OAuth client ID)
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/SimpleAppIdRequest'
- description: The app identifier (e.g., OAuth client ID)
required: true
responses:
'200':
description: Successful Operation
headers:
X-Rate-Limit-Remaining:
description: The requests remaining until the quota limit is reached
content:
text/plain:
schema:
type: integer
description: The requests remaining until the quota limit is reached
format: int32
content: {}
'400':
description: Invalid Request Body
headers: {}
content: {}
'401':
description: Not Authenticated
headers: {}
content: {}
'403':
description: Access Forbidden
headers: {}
content: {}
'409':
description: Rate Limit Exceeded
headers:
Retry-After:
description: The seconds remaining until the rate limit resets
content:
text/plain:
schema:
type: integer
description: The seconds remaining until the rate limit resets
format: int32
content: {}
'500':
description: Internal Server Error Occurred
headers: {}
content: {}
deprecated: false
/apps/search:
get:
tags:
- Applications
summary: AppsSearch_GET
description: >
https://api.apptotal.zscaler.com/v1/apps/search appName) is returned. id from GET /app_views/list to return the app IDs of the apps related to the custom view.
operationId: getViewApps
parameters:
- name: appViewId
in: path
description: The custom view identifier
required: true
style: simple
schema:
type: string
responses:
'200':
description: Successful Operation
headers:
X-Rate-Limit-Remaining:
description: The requests remaining until the quota limit is reached
content:
text/plain:
schema:
type: integer
description: The requests remaining until the quota limit is reached
format: int32
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/AppViewAppsResponse'
description: ''
'400':
description: Invalid Request Body
headers: {}
content: {}
'401':
description: Not Authenticated
headers: {}
content: {}
'403':
description: Access Forbidden
headers: {}
content: {}
'409':
description: Rate Limit Exceeded
headers:
Retry-After:
description: The seconds remaining until the rate limit resets
content:
text/plain:
schema:
type: integer
description: The seconds remaining until the rate limit resets
format: int32
content: {}
'500':
description: Internal Server Error Occurred
headers: {}
content: {}
deprecated: false
/adminRoles/lite:
get:
tags:
- Admin & Role Management
summary: getRoleSummary
description: >
Gets a name and ID dictionary of all admin roles. The list only includes the name and ID for all admin roles. To learn more, see About Role Management.
operationId: getRoleSummary parameters: - name: includeAuditorRole in: query description:Include or exclude auditor role information in the list.
style: form explode: true schema: type: boolean - name: includePartnerRole in: query description:Include or exclude partner admin role information in the list.
style: form explode: true schema: type: boolean default: true - name: includeApiRole in: query description:Include or exclude API role information in the list.
style: form explode: true schema: type: boolean default: true - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/AdminRole' - description:The admin role specifies an admin's level of access to the Zscaler Admin Portal.
deprecated: false /adminUsers: get: tags: - Admin & Role Management summary: getAdminUsers description: >Gets a list of admin users. By default, auditor user information is not included. To learn more, see About Administrators and About Auditors.
operationId: getAdminUsers parameters: - name: includeAuditorUsers in: query description:Include or exclude auditor user information in the list.
style: form explode: true schema: type: boolean - name: includeAdminUsers in: query description:Include or exclude admin user information in the list.
style: form explode: true schema: type: boolean default: true - name: search in: query description:The search string used to partially match against an admin/auditor user's Login ID or Name.
style: form explode: true schema: type: string - name: page in: query description:Specifies the page offset.
style: form explode: true schema: type: integer format: int32 default: 1 - name: pageSize in: query description:Specifies the page size. The default size is 100, but the maximum size is 1000.
style: form explode: true schema: type: integer format: int32 default: 100 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/AdminUser' - description: Admin and auditor information. deprecated: false post: tags: - Admin & Role Management summary: addAdminUser description: >Creates an admin or auditor user. To learn more, see Adding Admins and Adding Auditors.
operationId: addAdminUser parameters: - name: associateWithExistingAdmin in: query description: This field is set to true to update an admin user that already exists in other Zscaler services but does not exist in ZIA. For example, this field must be set to true when creating an admin user in ZIA who's already a user in Zscaler Digital Experience (ZDX). To learn more, see Adding ZIA Admins. style: form explode: true schema: type: boolean default: false requestBody: description: '' content: application/json: schema: $ref: '#/components/schemas/AdminUser' required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/AdminUser' - description: Admin and auditor information. deprecated: false /adminUsers/{userId}: put: tags: - Admin & Role Management summary: updateAdminUser description: >Updates admin or auditor user for the specified ID. You can only disable/enable the default admin account using this endpoint, all other updates within the request are ignored for this admin account.
operationId: updateAdminUser parameters: - name: userId in: path description:The unique identifier for the admin/auditor user.
required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/AdminUser' - description: Admin and auditor information. deprecated: false delete: tags: - Admin & Role Management summary: deleteAdminUser description: >Deletes an admin or auditor user using the specified ID
Note: This request deletes an admin and removes them as a user from the ZIA Admin Portal. To delete the admin privileges for a user while retaining them as a regular user of your organization in the ZIA Admin Portal, use the POST /adminUsers/{userId}/convertToUser request.
import http.client
import json
conn = http.client.HTTPSConnection("HOSTNAME")
headers = {
'content-type': "application/json",
'cache-control': "no-cache",
'cookie': "JSESSIONID=xxxxxxx"
}
conn.request("DELETE", "/api/v1/adminUsers/6794036", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
204 No ContentoperationId: deleteAdminUser parameters: - name: userId in: path description:
The unique identifier for the admin/auditor user.
required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '204': description: Successful Operation headers: {} content: {} deprecated: false /adminUsers/{userId}/convertToUser: post: tags: - Admin & Role Management summary: convertAdminToEndUser description:Removes admin privileges for a user while retaining them as a regular user of your organization in the ZIA Admin Portal. This can be used as an alternative to the DELETE /adminUsers/{userId} request, which deletes an admin and removes them as a user from the ZIA Admin Portal. To learn more, see Deleting ZIA Admins.
Before you can delete the admin privileges for a user, you need to obtain the admin user's ID and other information by using the GET /users request and then send the admin user details in the POST /adminUsers/{userId}/convertToUser request.
Gets a list of all the cloud browser isolation profiles in the Isolation Profile field for URL Filtering Policy and Cloud App Control Policy rules.
operationId: getCloudBrowserIsolationProfiles parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/BrowserIsolationProfile' description: '' deprecated: false /dlpDictionaries: get: tags: - Data Loss Prevention summary: getDlpDictionaries description: Gets information on all custom and predefined DLP dictionaries. operationId: getDlpDictionaries parameters: - name: search in: query description:The search string used to match against a DLP dictionary's name or description attributes.
style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/DlpDictionaryDom' description: '' deprecated: false post: tags: - Data Loss Prevention summary: addCustomDLPDictionary description: Adds a new custom DLP dictionary. operationId: addCustomDLPDictionary parameters: [] requestBody: description: The information for a custom DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Adding Custom DLP Dictionaries. content: application/json: schema: allOf: - $ref: '#/components/schemas/DlpDictionariesRequest' - description: The information for a custom DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Adding Custom DLP Dictionaries. required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/DlpDictionaryDom' - description:A DLP dictionary contains a set of patented algorithms that are designed to detect specific kinds of information in user traffic. For a list of and information on all predefined dictionaries, see About DLP Dictionaries.
You can modify predefined DLP dictionaries or create custom dictionaries for content that is not properly covered by them. For example, using the cloud service API, you can create custom DLP dictionaries that trigger based on specific patterns and phrases. To learn more, see Adding Custom DLP Dictionaries, Defining Patterns for Custom DLP Dictionaries, and Defining Phrases for Custom DLP Dictionaries. You can also create custom DLP dictionaries based on Exact Data Match (EDM) or Indexed Document Match (IDM). To learn more, see About Exact Data Match and see About Indexed Document Match.
deprecated: false /dlpDictionaries/lite: get: tags: - Data Loss Prevention summary: getDLPDictionarySummary description: Gets a name and ID dictionary of all custom and predefined DLP dictionaries. operationId: getDLPDictionarySummary parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/DlpDictionaryDom' description: '' deprecated: false /dlpDictionaries/{dlpDictId}: get: tags: - Data Loss Prevention summary: getDlpDictionaryById description: Gets DLP dictionary information for the specified ID. operationId: getDlpDictionaryById parameters: - name: dlpDictId in: path description: The unique identifier for the DLP dictionary. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/DlpDictionaryDom' - description:A DLP dictionary contains a set of patented algorithms that are designed to detect specific kinds of information in user traffic. For a list of and information on all predefined dictionaries, see About DLP Dictionaries.
You can modify predefined DLP dictionaries or create custom dictionaries for content that is not properly covered by them. For example, using the cloud service API, you can create custom DLP dictionaries that trigger based on specific patterns and phrases. To learn more, see Adding Custom DLP Dictionaries, Defining Patterns for Custom DLP Dictionaries, and Defining Phrases for Custom DLP Dictionaries. You can also create custom DLP dictionaries based on Exact Data Match (EDM) or Indexed Document Match (IDM). To learn more, see About Exact Data Match and see About Indexed Document Match.
deprecated: false put: tags: - Data Loss Prevention summary: updateDlpDictionary description: Updates a custom or predefined DLP dictionary. operationId: updateDlpDictionary parameters: - name: dlpDictId in: path description: The unique identifier for the DLP dictionary. required: true style: simple schema: type: integer format: int32 requestBody: description: The information for a custom or predefined DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Editing Predefined DLP Dictionaries, and Adding Custom DLP Dictionaries which provides more information regarding defining phrases and patterns, as well as EDM fields and IDM accuracy. content: application/json: schema: allOf: - $ref: '#/components/schemas/DlpDictionariesRequest' - description: The information for a custom or predefined DLP Dictionary that uses Patterns and Phrases, Exact Data Match (EDM), or Indexed Document Match (IDM). To learn more, see Editing Predefined DLP Dictionaries, and Adding Custom DLP Dictionaries which provides more information regarding defining phrases and patterns, as well as EDM fields and IDM accuracy. required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/DlpDictionaryDom' - description:A DLP dictionary contains a set of patented algorithms that are designed to detect specific kinds of information in user traffic. For a list of and information on all predefined dictionaries, see About DLP Dictionaries.
You can modify predefined DLP dictionaries or create custom dictionaries for content that is not properly covered by them. For example, using the cloud service API, you can create custom DLP dictionaries that trigger based on specific patterns and phrases. To learn more, see Adding Custom DLP Dictionaries, Defining Patterns for Custom DLP Dictionaries, and Defining Phrases for Custom DLP Dictionaries. You can also create custom DLP dictionaries based on Exact Data Match (EDM) or Indexed Document Match (IDM). To learn more, see About Exact Data Match and see About Indexed Document Match.
deprecated: false delete: tags: - Data Loss Prevention summary: deleteCustomDlpDictionary description: Deletes a custom DLP dictionary. You cannot delete predefined DLP dictionaries. operationId: deleteCustomDlpDictionary parameters: - name: dlpDictId in: path description: The unique identifier for the DLP dictionary. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /dlpDictionaries/{dictId}/predefinedIdentifiers: get: tags: - Data Loss Prevention summary: getPredefinedHierarchicalIdentifiersByDictionaryId description:Retrieves the list of identifiers that are available for selection in the specified hierarchical DLP dictionary. This information can be obtained for predefined hierarchical dictionaries such as the Driver’s License (United States), Passport Number (European Union), and Credentials and Secrets dictionaries and their clones.
Each identifier represents a sub-dictionary that consists of specific patterns. The Driver’s License (United States) dictionary includes one sub-dictionary for each state in the United States and the District of Columbia. For example, the Driver's License (United States) dictionary includes one sub-dictionary for each state in the United States, and you can customize this dictionary to detect the driver's licenses issued by specific states (e.g., California, New York, and Texas) by selecting the respective sub-dictionary identifier.
To learn more about hierarchical dictionaries, see Understanding Predefined DLP Dictionaries.
operationId: getPredefinedHierarchicalIdentifiersByDictionaryId parameters: - name: dictId in: path description: The ID of the hierarchical DLP dictionary required: true style: simple schema: type: integer format: int32 responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: type: string description: '' deprecated: false /dlpDictionaries/validateDlpPattern: post: tags: - Data Loss Prevention summary: validateDlpPattern description:Validates the pattern used by a Pattern and Phrases DLP dictionary type, and provides error information if the pattern is invalid. To learn more about how to define valid patterns for custom DLP dictionaries, see Defining Patterns for Custom DLP Dictionaries.
operationId: validateDlpPattern parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/SMMsgStatusInfo' - description: Error message information that is returned when an invalid pattern is identified within a custom DLP dictionary deprecated: false /dlpEngines: get: tags: - Data Loss Prevention summary: getDLPEngines description: Get a list of DLP engines. operationId: getDLPEngines parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/DlpEngineDom' description: '' deprecated: false post: tags: - Data Loss Prevention summary: addCustomDLPEngine description: "Adds a new custom DLP engine. A DLP engine is a collection of one or more DLP Dictionaries, combined using logical operators. DLP engines can be used in DLP policies to detect specific content in the users' traffic. The Zscaler service provides predefined DLP engines and supports custom DLP engines. To learn more, see About DLP Engines and Understanding DLP Engines.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Details of a custom DLP engine formed by combining DLP dictionaries using logical operators. To learn how to add custom DLP engines, see Adding Custom DLP Engines.
content: application/json: schema: allOf: - $ref: '#/components/schemas/DlpEnginesRequest' - description:Details of a custom DLP engine formed by combining DLP dictionaries using logical operators. To learn how to add custom DLP engines, see Adding Custom DLP Engines.
required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/DlpEngineDom' - description: DLP engine information. deprecated: false /dlpEngines/lite: get: tags: - Data Loss Prevention summary: getDLPEnginesSummary description: Gets a name and ID dictionary for all DLP engines. operationId: getDLPEnginesSummary parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/DlpEngineDom' description: '' deprecated: false /dlpEngines/validateDlpExpr: post: tags: - Data Loss Prevention summary: validateDlpPattern description: 'Validates the logical expression within a DLP engine that is formed by combining DLP dictionaries and provides error information if the expression is invalid. To learn more about DLP engine expressions, see Understanding DLP Engines.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Logical expression within a DLP engine formed by combining DLP dictionaries using operators. This parameter requires the input in a certain format. For example, an expression combining ABA Bank Routing Numbers and Credit Cards dictionaries using an AND operator with zero match count each would be ((D63.S > 0) AND (D38.S > 0)), where 63 is the ID of the Credit Cards dictionary and 38 is the ID of the ABA Bank Routing Numbers dictionary. The dictionary ID is wrapped around by a prefix (D) and a suffix (.S).
Engine expression examples:
((D63.S > 1))((D63.S > 1) AND (D38.S > 0))((D63.S > 1) OR (D38.S > 0))(D63.S > 0) AND ( NOT ( (D61.S > 0) ) ) )(SUM(D63.S, D38.S) > 3)In the preceding examples, 63 represents the ID of the Credit Cards dictionary, 61 is the Financial Statements dictionary ID, and 38 is the ABA Bank Routing Numbers dictionary ID.
Note: Zscaler recommends validating DLP engine expressions by sending a POST request to /dlpEngines/validateDlpExpr before configuring a DLP engine.
Logical expression within a DLP engine formed by combining DLP dictionaries using operators. This parameter requires the input in a certain format. For example, an expression combining ABA Bank Routing Numbers and Credit Cards dictionaries using an AND operator with zero match count each would be ((D63.S > 0) AND (D38.S > 0)), where 63 is the ID of the Credit Cards dictionary and 38 is the ID of the ABA Bank Routing Numbers dictionary. The dictionary ID is wrapped around by a prefix (D) and a suffix (.S).
Engine expression examples:
((D63.S > 1))((D63.S > 1) AND (D38.S > 0))((D63.S > 1) OR (D38.S > 0))(D63.S > 0) AND ( NOT ( (D61.S > 0) ) ) )(SUM(D63.S, D38.S) > 3)In the preceding examples, 63 represents the ID of the Credit Cards dictionary, 61 is the Financial Statements dictionary ID, and 38 is the ABA Bank Routing Numbers dictionary ID.
Note: Zscaler recommends validating DLP engine expressions by sending a POST request to /dlpEngines/validateDlpExpr before configuring a DLP engine.
Updates DLP engine information for the specified ID. To learn more, see About DLP Engines and Editing Predefined DLP Engines.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Deletes the custom DLP engine with the specified ID.
Note: To enable /dlpEngines endpoints that use POST, PUT, and DELETE methods for your organization, contact Zscaler Support.
Gets the status of the request to generate an event log report. Following a request to generate a report via the POST /eventlogEntryReport endpoint, you can call GET /eventlogEntryReport to check the current status of report generation. If the status is COMPLETE, you can send a GET request to /eventlogEntryReport/download to download the report as a CSV file.
Creates an event log report for the specified time period and saves it as a CSV file. The report includes event log information for every call made to the ZIA API during the specified time period. Creating a new event log report overwrites the previously-generated report.
operationId: startEventReportEntryCsvExport parameters: [] requestBody: description: 'Event log report request, which includes the following information:
Event log report request, which includes the following information:
Cancels the request to generate an event log report.
operationId: cancelEventReportEntryCsvExport parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /eventlogEntryReport/download: get: tags: - Event Logs summary: getEventReportEntryCsvData description:Downloads the most recently generated event log report. Calling this endpoint downloads the file only if the report generation status is COMPLETE. Use the GET /eventlogEntryReport endpoint to verify the status before calling this endpoint for downloading the file.
Gets all rules in the Firewall Filtering policy.
operationId: getFirewallFilteringRules parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/FirewallFilteringRule' description: '' deprecated: false post: tags: - Firewall Policies summary: createFirewallFilteringRule description: Adds a new Firewall Filtering policy rule. operationId: createFirewallFilteringRule parameters: [] requestBody: description: The Firewall Filtering policy rule information. content: application/json: schema: allOf: - $ref: '#/components/schemas/FirewallFilteringRule' - description: The Firewall Filtering policy rule information. required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/FirewallFilteringRule' deprecated: false /firewallFilteringRules/{ruleId}: get: tags: - Firewall Policies summary: getFirewallFilteringRule description: >Gets the Firewall Filtering policy rule information for the specified ID.
operationId: getFirewallFilteringRule parameters: - name: ruleId in: path description: The unique identifier for the policy rule. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/FirewallFilteringRule' deprecated: false put: tags: - Firewall Policies summary: updateFirewallFilteringRule description: Updates Firewall Filtering policy rule information for the specified ID. operationId: updateFirewallFilteringRule parameters: - name: ruleId in: path description: The unique identifier for the policy rule. required: true style: simple schema: type: integer format: int32 requestBody: description: The Firewall Filtering policy rule information. content: application/json: schema: allOf: - $ref: '#/components/schemas/FirewallFilteringRule' - description: The Firewall Filtering policy rule information. required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/FirewallFilteringRule' deprecated: false delete: tags: - Firewall Policies summary: deleteFirewallFilteringRule description: Deletes a Firewall Filtering policy rule for the specified ID. operationId: deleteFirewallFilteringRule parameters: - name: ruleId in: path description: The unique identifier for the policy rule. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /ipDestinationGroups: get: tags: - Firewall Policies summary: getDestinationIpGroups description: >Gets a list of all IP destination groups.
Note: This endpoint retrieves only IPv4 destination address groups. Organizations that have enabled IPv6 can use GET /ipSourceGroups/ipv6SourceGroups to retrieve IPv6 destination address groups.
Adds a new IP Destination group.
Note: This endpoint can only add an IPv4 destination address group. User-defined groups for IPv6 addresses are currently not supported.
' operationId: addDestinationIpGroup parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/DestinationIpGroup' deprecated: false /ipDestinationGroups/ipv6DestinationGroups: get: tags: - Firewall Policies summary: getDestinationIpv6Groups description: 'Gets the list of destination IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
' operationId: getDestinationIpv6Groups parameters: - name: excludeType in: query description:Specifies a destination group type to exclude the corresponding groups from the list.
style: form explode: true schema: allOf: - $ref: '#/components/schemas/excludeType2' - description:Specifies a destination group type to exclude the corresponding groups from the list.
- name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/DestinationIpGroup' description: '' deprecated: false /ipDestinationGroups/ipv6DestinationGroups/lite: get: tags: - Firewall Policies summary: getDestinationIpv6GroupsLite description: 'Gets a name and ID dictionary for destination IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
' operationId: getDestinationIpv6GroupsLite parameters: - name: type in: query description: Filters the list based on the destination group type. style: form explode: true schema: type: array items: $ref: '#/components/schemas/type10' - name: excludeType in: query description:Specifies a destination group type to exclude the corresponding groups from the list type.
style: form explode: true schema: allOf: - $ref: '#/components/schemas/excludeType3' - description:Specifies a destination group type to exclude the corresponding groups from the list type.
- name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/EntityReference' description: '' deprecated: false /ipDestinationGroups/lite: get: tags: - Firewall Policies summary: getDestinationIpGroupsLite description: >Gets a name and ID dictionary of all IP destination groups.
Note: This endpoint retrieves only IPv4 destination address groups. Organizations that have enabled IPv6 can use GET /ipDestinationGroups/ipv6DestinationGroups/lite to retrieve IPv6 destination address groups.
Gets the IP destination group information for the specified ID.
operationId: getDestinationIpGroupById parameters: - name: ipGroupId in: path description: The unique identifier for the IP destination group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/DestinationIpGroup2' - description: TBD deprecated: false put: tags: - Firewall Policies summary: editDestinationIpGroup description: 'Updates the IP destination group information for the specified ID.
Note: Only user-defined IP groups can be updated.
' operationId: editDestinationIpGroup parameters: - name: ipGroupId in: path description: The unique identifier for the IP destination group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/DestinationIpGroup' deprecated: false delete: tags: - Firewall Policies summary: deleteDestinationIpGroup description: 'Deletes the IP destination group for the specified ID.
Note: Only user-defined IP groups can be deleted.
' operationId: deleteDestinationIpGroup parameters: - name: ipGroupId in: path description: '' required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /ipSourceGroups: get: tags: - Firewall Policies summary: getSourceIpGroups description: 'Gets a list of all IP source groups. The search parameters find matching values within the name or description attributes.
Note: This endpoint retrieves only IPv4 source address groups. Organizations that have enabled IPv6 can use GET /ipSourceGroups/ipv6SourceGroups to retrieve IPv6 source address groups.
Adds a new IP source group.
Note: This endpoint can only add an IPv4 source address group. User-defined groups for IPv6 addresses are currently not supported.
' operationId: addSourceIpGroup parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IpGroup' - description: IP group information. deprecated: false /ipSourceGroups/ipv6SourceGroups: get: tags: - Firewall Policies summary: getSourceIpv6Groups description: 'Gets the list of source IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
' operationId: getSourceIpv6Groups parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IpGroup' description: '' deprecated: false /ipSourceGroups/ipv6SourceGroups/lite: get: tags: - Firewall Policies summary: getSourceIpv6GroupsLite description: 'Gets a name and ID dictionary for source IPv6 address groups.
Note: User-defined groups for IPv6 addresses are currently not supported, so this endpoint retrieves only the predefined group that includes all IPv6 addresses.
' operationId: getSourceIpv6GroupsLite parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IpGroup' description: '' deprecated: false /ipSourceGroups/lite: get: tags: - Firewall Policies summary: getSourceIpGroupsLite description: >Gets a name and ID dictionary of all IP source groups.
Note: This endpoint retrieves only IPv4 source address groups. Organizations that have enabled IPv6 can use GET /ipSourceGroups/ipv6SourceGroups/lite to retrieve IPv6 source address groups.
Gets the IP source group information for the specified ID.
operationId: getSourceIpGroupById parameters: - name: ipGroupId in: path description: The unique identifier for the IP source group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IpGroup' - description: IP group information. deprecated: false put: tags: - Firewall Policies summary: editSourceIpGroup description: 'Updates the IP source group information for the specified ID.
Note: Only user-defined IP groups can be updated.
' operationId: editSourceIpGroup parameters: - name: ipGroupId in: path description: The unique identifier for the IP source group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IpGroup' - description: IP group information. deprecated: false delete: tags: - Firewall Policies summary: deleteSourceIpGroup description: 'Deletes the IP source group for the specified ID.
Note: Only user-defined IP groups can be deleted.
' operationId: deleteSourceIpGroup parameters: - name: ipGroupId in: path description: The unique identifier for the IP source group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /networkApplicationGroups: get: tags: - Firewall Policies summary: getNetowrkApplicationGroups description: "Gets a list of all network application groups. The search parameters find matching values within the name or description attributes.
The search string used to match against a group's name or description attributes.
style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkApplicationGroup' description: '' deprecated: false post: tags: - Firewall Policies summary: createNetworkApplicationGroup description: Creates a new custom network application group. operationId: createNetworkApplicationGroup parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkApplicationGroup' deprecated: false /networkApplicationGroups/lite: get: tags: - Firewall Policies summary: getNetowrkApplicationGroupsLite description: >Gets a name and ID dictionary of all network application groups.
operationId: getNetowrkApplicationGroupsLite parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkApplicationGroup' description: '' deprecated: false /networkApplicationGroups/{groupId}: get: tags: - Firewall Policies summary: getNetworkApplicationGroupById description: >Gets the network application group information for the specified ID.
operationId: getNetworkApplicationGroupById parameters: - name: groupId in: path description: The unique identifier for the network application group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkApplicationGroup' deprecated: false put: tags: - Firewall Policies summary: updateNetworkApplicationGroup description: Updates the customer network application group for the specified ID. operationId: updateNetworkApplicationGroup parameters: - name: groupId in: path description: The unique identifier for the network application group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkApplicationGroup' deprecated: false delete: tags: - Firewall Policies summary: deleteNetworkApplicationGroup description: Deletes the custom network application group for the specified ID. operationId: deleteNetworkApplicationGroup parameters: - name: groupId in: path description: The unique identifier for the network application group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /networkApplications: get: tags: - Firewall Policies summary: getNetworkApplications description: >Gets a list of all predefined network applications. The search parameters find matching values within the description attribute.
The search string used to match against a network application's description attribute.
style: form explode: true schema: type: string - name: locale in: query description:When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network application's description is localized into the requested language.
style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkApplicationDom' description: '' deprecated: false /networkApplications/{appId}: get: tags: - Firewall Policies summary: getNetworkApplicationById description: >Gets the network application information for the specified ID.
operationId: getNetworkApplicationById parameters: - name: appId in: path description: The unique identifier for the network application. required: true style: simple schema: type: string - name: locale in: query description:When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network application's description is localized into the requested language.
style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkApplicationDom' deprecated: false /networkServiceGroups: get: tags: - Firewall Policies summary: getNetworkServiceGroups description: >Gets a list of all network service groups. The search parameters find matching values within the name or description attributes.
The search string used to match against a group's name or description attributes.
style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkServiceGroup' description: '' deprecated: false post: tags: - Firewall Policies summary: addCustomNetworkServiceGroup description: Adds a new network service group. operationId: addCustomNetworkServiceGroup parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkServiceGroup' deprecated: false /networkServiceGroups/lite: get: tags: - Firewall Policies summary: getNetworkServiceGroupsLite description: >Gets a name and ID dictionary of all network service groups.
operationId: getNetworkServiceGroupsLite parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkServiceGroup' description: '' deprecated: false /networkServiceGroups/{serviceGroupId}: get: tags: - Firewall Policies summary: getNetworkServiceGroupById description: >Gets the network service group information for the specified ID.
operationId: getNetworkServiceGroupById parameters: - name: serviceGroupId in: path description: The unique identifier for the network service group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkServiceGroup' deprecated: false put: tags: - Firewall Policies summary: editNetworkServiceGroup description: Updates the network service group information for the specified ID. operationId: editNetworkServiceGroup parameters: - name: serviceGroupId in: path description: The unique identifier for the network service group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkServiceGroup' deprecated: false delete: tags: - Firewall Policies summary: deleteCustomNetowrkServiceGroup description: Deletes the network service group for the specified ID. operationId: deleteCustomNetowrkServiceGroup parameters: - name: serviceGroupId in: path description: The unique identifier for the network service group. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /networkServices: get: tags: - Firewall Policies summary: getNetworkServices description: "Gets a list of all network services. The search parameters find matching values within the name or description attributes.
The search string used to match against a service's name or description attributes.
style: form explode: true schema: type: string - name: protocol in: query description: Filter based on the network service protocol. style: form explode: true schema: allOf: - $ref: '#/components/schemas/protocol21' - description: Filter based on the network service protocol. - name: locale in: query description:When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network service's description is localized into the requested language.
style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkService' description: '' deprecated: false post: tags: - Firewall Policies summary: addCustomNetworkService description: Adds a new network service. operationId: addCustomNetworkService parameters: [] requestBody: description: The network service information. content: application/json: schema: allOf: - $ref: '#/components/schemas/NetworkService' - description: The network service information. required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkService' deprecated: false /networkServices/lite: get: tags: - Firewall Policies summary: getNetworkServicesLite description: >Gets a name and ID dictionary of all network services.
operationId: getNetworkServicesLite parameters: - name: locale in: query description: '' style: form explode: true schema: type: string default: en_US - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NetworkService' description: '' deprecated: false /networkServices/{serviceId}: get: tags: - Firewall Policies summary: getNetworkServiceById description: >Gets the network service for the specified ID.
operationId: getNetworkServiceById parameters: - name: serviceId in: path description: The unique identifier for the network service. required: true style: simple schema: type: integer format: int32 - name: locale in: query description:When set to one of the supported locales (i.e., en-US, de-DE, es-ES, fr-FR, ja-JP, zh-CN), the network service's description is localized into the requested language.
style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkService' deprecated: false put: tags: - Firewall Policies summary: editNetworkService description: Updates the network service information for the specified ID. operationId: editNetworkService parameters: - name: serviceId in: path description: The unique identifier for the network service. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/NetworkService' deprecated: false delete: tags: - Firewall Policies summary: deleteCustomNetworkService description: Deletes the network service for the specified ID. operationId: deleteCustomNetworkService parameters: - name: serviceId in: path description: The unique identifier for the network service. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /timeWindows: get: tags: - Firewall Policies - URL Filtering Policies summary: getTimeWindows description: >Gets a list of time intervals used for by the Firewall policy or the URL Filtering policy.
operationId: getTimeWindows parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/TimeWindow' description: '' deprecated: false /timeWindows/lite: get: tags: - Firewall Policies - URL Filtering Policies summary: getTimeWindowSummary description: "Gets a name and ID dictionary of time intervals used by the Firewall policy or the URL Filtering policy.
\n" operationId: getTimeWindowSummary parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/TimeWindow' description: '' deprecated: false /forwardingRules: get: tags: - Forwarding Control Policy summary: getForwardingRules description: Gets the list of forwarding rules configured in the ZIA Admin Portal. To learn about forwarding control, see About Forwarding Control. operationId: getForwardingRules parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/ForwardingRule' description: '' deprecated: false post: tags: - Forwarding Control Policy summary: createForwardingRule description: Adds a new forwarding rule. To learn more, see Configuring Forwarding Policy. operationId: createForwardingRule parameters: [] requestBody: description: Forwarding rule information content: application/json: schema: allOf: - $ref: '#/components/schemas/ForwardingRulesRequest' - description: Forwarding rule information required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/ForwardingRule' - description: Forwarding rule information deprecated: false /forwardingRules/{ruleId}: get: tags: - Forwarding Control Policy summary: getForwardingRule description: Gets information for a forwarding rule using the specified ID operationId: getForwardingRule parameters: - name: ruleId in: path description: The ID of the forwarding rule required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/ForwardingRule' - description: Forwarding rule information deprecated: false put: tags: - Forwarding Control Policy summary: updateForwardingRule description: Updates information for a forwarding rule using the specified ID operationId: updateForwardingRule parameters: - name: ruleId in: path description: The ID of the forwarding rule required: true style: simple schema: type: integer format: int32 requestBody: description: Forwarding rule infomration content: application/json: schema: allOf: - $ref: '#/components/schemas/ForwardingRulesRequest' - description: Forwarding rule infomration required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/ForwardingRule' - description: Forwarding rule information deprecated: false delete: tags: - Forwarding Control Policy summary: deleteForwardingRule description: Deletes a forwarding rule using the specified ID operationId: deleteForwardingRule parameters: - name: ruleId in: path description: The ID of the forwarding rule required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /zpaGateways: get: tags: - Forwarding Control Policy summary: getZpaGateways description: Gets the list of Zscaler Private Access (ZPA) gateways configured in the ZIA Admin Portal. To learn about ZPA gateways, see About Zscaler Private Access Gateway. operationId: getZpaGateways parameters: - name: search in: query description: The search string used to match against a ZPA gateway name or an associated Server Group name style: form explode: true schema: type: string - name: appSegment in: query description: Filters the list by Application Segment style: form explode: true schema: type: array items: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/ZpaGateway' description: '' deprecated: false post: tags: - Forwarding Control Policy summary: addZpaGateway description: Adds a new custom ZPA gateway. The ZPA gateway can be used in a forwarding control policy to forward traffic to ZPA for Source IP Anchoring. To learn more, see Configuring ZPA Gateway. operationId: addZpaGateway parameters: [] requestBody: description: '' content: application/json: schema: $ref: '#/components/schemas/ZpaGateway' required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/ZpaGateway' - description: ZPA gateway information deprecated: false /zpaGateways/{gatewayId}: get: tags: - Forwarding Control Policy summary: getZpaGatewayById description: Gets information for a ZPA gateway using the specified ID operationId: getZpaGatewayById parameters: - name: gatewayId in: path description: The ID of the ZPA gateway required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/ZpaGateway' - description: ZPA gateway information deprecated: false put: tags: - Forwarding Control Policy summary: editZpaGateway description: Updates information for a ZPA gateway using the specified ID operationId: editZpaGateway parameters: - name: gatewayId in: path description: The ID of the ZPA gateway required: true style: simple schema: type: integer format: int32 requestBody: description: ZPA gateway information content: application/json: schema: allOf: - $ref: '#/components/schemas/ZpaGatewaysRequest' - description: ZPA gateway information required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/ZpaGateway' - description: ZPA gateway information deprecated: false delete: tags: - Forwarding Control Policy summary: deleteZpaGateway description: Deletes a ZPA gateway using the specified ID operationId: deleteZpaGateway parameters: - name: gatewayId in: path description: The ID of the ZPA gateway required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /intermediateCaCertificate: get: tags: - Intermediate CA Certificates summary: getIntermediateCaCertificates description:Gets the list of intermediate CA certificates added for SSL inspection.
operationId: getIntermediateCaCertificates parameters: - name: page in: query description: Specifies the page offset. style: form explode: true schema: type: integer format: int32 default: 1 - name: pageSize in: query description: Specifies the page size. style: form explode: true schema: type: integer format: int32 default: 100 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IntermediateCaCertificate' description: '' deprecated: false post: tags: - Intermediate CA Certificates summary: addIntermediateCaCertificate description:Adds a custom intermediate CA certificate that can be used for SSL inspection. Custom intermediate certificates can be added with software protection or cloud HSM based on your subscriptions. In cloud HSM protection, your certificate private keys are stored in a cloud hardware security module (HSM) located in a region of your choice.
With cloud HSM protection subscription, you can add up to eight custom intermediate certificates using either cloud HSM or software protection and only four certificates can be active at a time. With software protection subscription, you can add up to 2 intermediate certificates and only one certificate can be active at a time.
To learn more, see Configuring Cloud HSM Protection Intermediate CA Certificate and Configuring Software Protection Intermediate CA Certificate.
operationId: addIntermediateCaCertificate parameters: [] requestBody: description: Intermediate CA certificate information. content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificateRequest' - description: Intermediate CA certificate information. required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificate' - description: Intermediate CA certificate information. deprecated: false /intermediateCaCertificate/downloadAttestation/{certId}: get: tags: - Intermediate CA Certificates summary: downloadAttestationStmt description:Downloads the attestation bundle produced by the HSM solution for the specified intermediate CA certificate ID. The attestation bundle can be used to verify the HSM key attributes and the validity of the certificate.
operationId: downloadAttestationStmt parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /intermediateCaCertificate/downloadCsr/{certId}: get: tags: - Intermediate CA Certificates summary: downloadCSR description:Downloads a Certificate Signing Request (CSR) for the specified ID. To perform this operation, a CSR must have already been generated.
operationId: downloadCSR parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /intermediateCaCertificate/downloadPublicKey/{certId}: get: tags: - Intermediate CA Certificates summary: downloadHsmPublicKey description:Downloads the public key in the HSM key pair for the intermediate CA certificate with the specified ID. To perform this operation, a HSM key pair must have already been generated.
operationId: downloadHsmPublicKey parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /intermediateCaCertificate/finalizeCert/{certId}: post: tags: - Intermediate CA Certificates summary: finalizeCert description:Finalizes the intermediate CA certificate with the specified ID.
operationId: finalizeCert parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /intermediateCaCertificate/generateCsr/{certId}: post: tags: - Intermediate CA Certificates summary: generateCsr description:Generates a Certificate Signing Request (CSR) for the custom intermediate CA certificate with the specified ID. You can send the generated CSR to your Certificate Authority (CA) to sign as a subordinate CA certificate or intermediate CA certificate. The subordinate CA can be an intermediate or an issuing CA.
operationId: generateCsr parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 requestBody: description: Certificate Signing Request (CSR) information. content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificateGenerateCsrRequest' - description: Certificate Signing Request (CSR) information. required: true responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/CertCSR' - description: Certificate Signing Request (CSR) information. deprecated: false /intermediateCaCertificate/keyPair/{certId}: post: tags: - Intermediate CA Certificates summary: generateHsmKeyPair description:Generates a HSM key pair for the custom intermediate CA certificate with the specified ID.
operationId: generateHsmKeyPair parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/HsmKey' - description: HSM key information. deprecated: false /intermediateCaCertificate/lite: get: tags: - Intermediate CA Certificates summary: getIntermediateCaCertificatesLite description:Gets the list of intermediate CA certificates added for SSL inspection.
operationId: getIntermediateCaCertificatesLite parameters: - name: page in: query description: Specifies the page offset. style: form explode: true schema: type: integer format: int32 default: 1 - name: pageSize in: query description: Specifies the page size. style: form explode: true schema: type: integer format: int32 default: 100 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IntermediateCaCertificate' description: '' deprecated: false /intermediateCaCertificate/lite/{certId}: get: tags: - Intermediate CA Certificates summary: getIntermediateCaCertificateLite description:Gets information about the intermediate CA certificate with the specified ID.
operationId: getIntermediateCaCertificateLite parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificate' - description: Intermediate CA certificate information. deprecated: false /intermediateCaCertificate/makeDefault/{certId}: put: tags: - Intermediate CA Certificates summary: makeDefaultCertificate description:Updates the intermediate CA certificate information for the specified ID to mark it as the default intermediate certificate. Only one intermediate certificate can be marked as the default certificate at a time.
operationId: makeDefaultCertificate parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificate' - description: Intermediate CA certificate information. deprecated: false /intermediateCaCertificate/readyToUse: get: tags: - Intermediate CA Certificates summary: getCertificatesInReadyToUseState description:Gets the list of intermediate CA certificates that are ready to use for SSL inspection.
operationId: getCertificatesInReadyToUseState parameters: - name: page in: query description: Specifies the page offset. style: form explode: true schema: type: integer format: int32 default: 1 - name: pageSize in: query description: Specifies the page size. style: form explode: true schema: type: integer format: int32 default: 100 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IntermediateCaCertificate' description: '' deprecated: false /intermediateCaCertificate/showCert/{certId}: get: tags: - Intermediate CA Certificates summary: showCert description:Shows information about the signed intermediate CA certificate with the specified ID.
operationId: showCert parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/CertSigningRequest' - description:Certificate Signing Request (CSR) information. Required if your organization uses a custom intermediate root certificate for SSL inspection. After generating the CSR, download and send it to your trusted Certificate Authority (CA) to sign as a subordinate CA certificate or intermediate CA certificate.
deprecated: false /intermediateCaCertificate/showCsr/{certId}: get: tags: - Intermediate CA Certificates summary: showCsr description:Shows information about the Certificate Signing Request (CSR) for the specified ID.
operationId: showCsr parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/CertSigningRequest' - description:Certificate Signing Request (CSR) information. Required if your organization uses a custom intermediate root certificate for SSL inspection. After generating the CSR, download and send it to your trusted Certificate Authority (CA) to sign as a subordinate CA certificate or intermediate CA certificate.
deprecated: false /intermediateCaCertificate/uploadCert/{certId}: post: tags: - Intermediate CA Certificates summary: uploadCert description:Uploads a custom intermediate CA certificate signed by your Certificate Authority (CA) for SSL inspection. To enable users' browsers to trust this new intermediate certificate and any certificate signed by it, install this certificate on users' browsers. If you also want to upload a certificate chain, upload the signed intermediate certificate before uploading the certificate chain.
operationId: uploadCert parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 requestBody: description: Uploads the signed intermediate CA certificate. content: text/plain: schema: type: object description: Uploads the signed intermediate CA certificate. required: false responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /intermediateCaCertificate/uploadCertChain/{certId}: post: tags: - Intermediate CA Certificates summary: uploadCertChain description:Uploads the intermediate certificate chain (PEM file). Upload the certificate chain that includes any other intermediate certificates that complete the chain to the intermediate root certificate you want to upload.
When you upload a certificate chain, the Zscaler service sends the intermediate certificate along with this key chain and the signed server certificate to your users’ machines during SSL inspection. If you do not upload the certificate chain, the Zscaler service sends only your organization’s intermediate root certificate and its signed server certificate to your users' machines.
operationId: uploadCertChain parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 requestBody: description: Uploads the intermediate certificate chain (PEM). content: text/plain: schema: type: object description: Uploads the intermediate certificate chain (PEM). required: false responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /intermediateCaCertificate/verifyKeyAttestation/{certId}: post: tags: - Intermediate CA Certificates summary: verifyKeyAttestation description:Verifies the attestation for the HSM keys generated for the specified ID.
operationId: verifyKeyAttestation parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/HsmKeyAttestation' - description: HSM key attestation verification information. deprecated: false /intermediateCaCertificate/{certId}: get: tags: - Intermediate CA Certificates summary: getIntermediateCaCertificate description:Gets intermediate CA certificate information for the specified ID.
operationId: getIntermediateCaCertificate parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificate' - description: Intermediate CA certificate information. deprecated: false put: tags: - Intermediate CA Certificates summary: updateIntermediateCaCertificate description:Updates intermediate CA certificate information for the specified ID.
operationId: updateIntermediateCaCertificate parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 requestBody: description: Intermediate CA certificate information. content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificateRequest' - description: Intermediate CA certificate information. required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IntermediateCaCertificate' - description: Intermediate CA certificate information. deprecated: false delete: tags: - Intermediate CA Certificates summary: deleteIntermediateCaCertificate description:Deletes the intermediate CA certificate with the specified ID. The default intermediate certificate cannot be deleted.
operationId: deleteIntermediateCaCertificate parameters: - name: certId in: path description: The unique identifier for the intermediate CA certificate. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /sslSettings/exemptedUrls: get: tags: - Intermediate CA Certificates summary: getSslExemptedUrls description:Gets a list of URLs that were exempted from SSL Inpection and policy evaluation.
operationId: getSslExemptedUrls parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/Urls' deprecated: true post: tags: - Intermediate CA Certificates summary: updateSslExemptedUrls description:Adds URLs to the exempted from SSL Inspection and policy evaluation list or removes URLs from the list. To add a URL to the list, set the action parameter to ADD_TO_LIST. To remove a URL, set action to REMOVE_FROM_LIST.
Retrieve the mapping between device type universally unique identifier (UUID) values and the device type names for all the device types supported by the Zscaler AI/ML.
operationId: getDeviceTypes parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: successful operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IotItemInfo' description: '' deprecated: false /iotDiscovery/categories: get: tags: - IoT Report summary: getCategories description:Retrieve the mapping between the device category universally unique identifier (UUID) values and the category names for all the device categories supported by the Zscaler AI/ML. The parent of device category is device type.
operationId: getCategories parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: successful operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IotItemInfo' description: '' deprecated: false /iotDiscovery/classifications: get: tags: - IoT Report summary: getClassifications description: 'Retrieve the mapping between the device classification universally unique identifier (UUID) values and the classification names for all the device classifications supported by Zscaler AI/ML. The parent of device classification is device category.
' operationId: getClassifications parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: successful operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IotItemInfo' description: '' deprecated: false /iotDiscovery/deviceList: get: tags: - IoT Report summary: getDeviceList description:Retrieve a list of discovered devices with the following key contexts, IP address, location, ML auto-label, classification, category, and type.
operationId: getDeviceList parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: successful operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IotDeviceInfo' - description:Information about all discovered devices.
deprecated: false /locations/{locationId}/sublocations: get: tags: - Location Management summary: getSubLocations description:Gets the sub-location information for the location with the specified ID. These are the sublocations associated to the parent location.
operationId: getSubLocations parameters: - name: locationId in: path description: The unique identifier for the location. The sub-location information given is based on the parent location's ID. required: true style: simple schema: type: integer format: int32 - name: search in: query description: The search string used to partially match against a sub-location's name and port attributes. style: form explode: true schema: type: string - name: sslScanEnabled in: query description:This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Filter based on whether the Enable SSL Scanning setting is enabled or disabled for a sub-location.
style: form explode: true schema: type: boolean - name: xffEnabled in: query description: Filter based on whether the Enforce XFF Forwarding setting is enabled or disabled for a sub-location. style: form explode: true schema: type: boolean - name: authRequired in: query description: Filter based on whether the Enforce Authentication setting is enabled or disabled for a sub-location. style: form explode: true schema: type: boolean - name: bwEnforced in: query description: Filter based on whether Bandwith Control is being enforced for a sub-location. style: form explode: true schema: type: boolean - name: enforceAup in: query description: Filter based on whether Enforce AUP setting is enabled or disabled for a sub-location. style: form explode: true schema: type: boolean - name: enableFirewall in: query description: Filter based on whether Enable Firewall setting is enabled or disabled for a sub-location. style: form explode: true schema: type: boolean - name: enableIOT in: query description:If set to true, the city field (containing IoT-enabled location IDs, names, latitudes, and longitudes) and the iotDiscoveryEnabled filter are included in the response. Otherwise, they are not included.
style: form explode: true schema: type: boolean - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/Location' description: '' deprecated: false /locations/groups: get: tags: - Location Management summary: getLocationGroups description:Gets information on location groups. To learn more, see About Location Groups.
operationId: getLocationGroups parameters: - name: version in: query description: The version parameter is for Zscaler internal use only. The version is used by the service for backup operations. style: form explode: true schema: type: integer format: int32 default: 0 - name: name in: query description: The location group's name. style: form explode: true schema: type: string - name: groupType in: query description: The location group's type (i.e., Static or Dynamic). style: form explode: true schema: type: string - name: comments in: query description: Additional comments or information about the location group. style: form explode: true schema: type: string - name: locationId in: query description: The unique identifier for a location within a location group. style: form explode: true schema: type: integer format: int32 - name: lastModUser in: query description: The admin who modified the location group last. style: form explode: true schema: type: string - name: page in: query description: Specifies the page offset. style: form explode: true schema: type: integer format: int32 default: 1 - name: pageSize in: query description: Specifies the page size. The default size is 100, but the maximum size is 1000. style: form explode: true schema: type: integer format: int32 default: 100 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/LocationGroup' description: '' deprecated: false /locations/groups/count: get: tags: - Location Management summary: getGroupsCount description: Gets the list of location groups for your organization. operationId: getGroupsCount parameters: - name: lastModUser in: query description: The admin who modified the location group last. style: form explode: true schema: type: string - name: version in: query description: The version parameter is for Zscaler internal use only. The version is used by the service for backup operations. style: form explode: true schema: type: integer format: int32 default: 0 - name: name in: query description: The location group's name. style: form explode: true schema: type: string - name: groupType in: query description: The location group's type (i.e., Static or Dynamic). style: form explode: true schema: type: string - name: comments in: query description: Additional comments or information about the location group. style: form explode: true schema: type: string - name: locationId in: query description: The unique identifier for a location within a location group. style: form explode: true schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: integer format: int32 deprecated: false /locations/groups/lite: get: tags: - Location Management summary: getGroupsSummary description: Gets the name and ID dictionary of location groups. operationId: getGroupsSummary parameters: - name: page in: query description: Specifies the page offset. style: form explode: true schema: type: integer format: int32 default: 1 - name: pageSize in: query description: Specifies the page size. The default size is 100, but the maximum size is 1000. style: form explode: true schema: type: integer format: int32 default: 100 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/LocationGroup' - description: Location group information. deprecated: false /locations/groups/lite/{id}: get: tags: - Location Management summary: getGroupSummary description: 'Gets the name and ID dictionary for the specified location group ID. The response only providesid, name, and deleted information. '
operationId: getGroupSummary
parameters:
- name: id
in: path
description: The unique identifier for the location group.
required: true
style: simple
schema:
type: integer
format: int32
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/LocationGroup'
- description: Location group information.
deprecated: false
/locations/groups/{id}:
get:
tags:
- Location Management
summary: getGroupById
description: Gets the location group for the specified ID.
operationId: getGroupById
parameters:
- name: id
in: path
description: The unique identifier for the location group.
required: true
style: simple
schema:
type: integer
format: int32
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/LocationGroup'
- description: Location group information.
deprecated: false
/ruleLabels:
get:
tags:
- Rule Labels
summary: getRuleLabels
description: Gets a list of rule labels. To learn more, see About Rule Labels.
operationId: getRuleLabels
parameters:
- name: page
in: query
description: Specifies the page offset.
style: form
explode: true
schema:
type: integer
format: int32
default: 1
- name: pageSize
in: query
description: Specifies the page size. The default size is 100, but the maximum size is 1000.
style: form
explode: true
schema:
type: integer
format: int32
default: 250
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/RuleLabel'
description: ''
deprecated: false
post:
tags:
- Rule Labels
summary: addRuleLabel
description: Adds a rule label.
operationId: addRuleLabel
parameters:
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RuleLabel'
- description: Rule label information.
deprecated: false
/ruleLabels/{ruleLabelId}:
get:
tags:
- Rule Labels
summary: getRuleLabelById
description: Gets rule label information for the specified ID.
operationId: getRuleLabelById
parameters:
- name: ruleLabelId
in: path
description: The unique identifier for the rule label.
required: true
style: simple
schema:
type: integer
format: int32
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RuleLabel'
- description: Rule label information.
deprecated: false
put:
tags:
- Rule Labels
summary: updateRuleLabel
description: Updates rule label information for the specified ID.
operationId: updateRuleLabel
parameters:
- name: ruleLabelId
in: path
description: The unique identifier for the rule label.
required: true
style: simple
schema:
type: integer
format: int32
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
allOf:
- $ref: '#/components/schemas/RuleLabel'
- description: Rule label information.
deprecated: false
delete:
tags:
- Rule Labels
summary: deleteRuleLabel
description: Deletes the rule label for the specified ID.
operationId: deleteRuleLabel
parameters:
- name: ruleLabelId
in: path
description: The unique identifier for the rule label.
required: true
style: simple
schema:
type: integer
format: int32
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content: {}
deprecated: false
/behavioralAnalysisAdvancedSettings:
get:
tags:
- Sandbox Settings
summary: getCustomFileHash
description: Gets the custom list of MD5 file hashes that are blocked by Sandbox
operationId: getCustomFileHash parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/BaAdvancedSettings' - description: Advanced Sandbox Settings deprecated: false put: tags: - Sandbox Settings summary: updateCustomFileHash description:Updates the custom list of MD5 file hashes that are blocked by Sandbox. This overwrites a previously generated blocklist. If you need to completely erase the blocklist, submit an empty list.
Note: Only the file types that are supported by Sandbox analysis can be blocked using MD5 hashes.
operationId: updateCustomFileHash parameters: [] requestBody: description: '' content: application/json: schema: $ref: '#/components/schemas/BaAdvancedSettings' required: false responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/BaAdvancedSettings' - description: Advanced Sandbox Settings deprecated: false /behavioralAnalysisAdvancedSettings/fileHashCount: get: tags: - Sandbox Settings summary: getCustomFileHashQuota description:Gets the used and unused quota for blocking MD5 file hashes with Sandbox
operationId: getCustomFileHashQuota parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/CustomFileHashQuota' - description: Used and unused quota for blocking MD5 file hashes. deprecated: false /cloudApplications/bulkUpdate: put: tags: - Shadow IT Report summary: bulkUpdateCloudApplication description: Updates application status and tag information for predefined or custom cloud applications based on the IDs specified operationId: bulkUpdateCloudApplication parameters: [] requestBody: description: '' content: application/json: schema: $ref: '#/components/schemas/CloudApplication' required: true responses: '200': description: Successful Operation headers: {} content: {} deprecated: false /cloudApplications/lite: get: tags: - Shadow IT Report summary: getCloudApplicationsLite description: Gets the list of predefined and custom cloud applications operationId: getCloudApplicationsLite parameters: - name: pageNumber in: query description: Specifies the page number. The numbering starts at 0. style: form explode: true schema: type: integer format: int32 default: 0 - name: limit in: query description: Specifies the maximum number of cloud applications that must be retrieved in a page style: form explode: true schema: type: integer format: int32 default: 1000 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/NamedItem' description: '' deprecated: false /customTags: get: tags: - Shadow IT Report summary: getAllCustomTags description: Gets the list of custom tags available to assign to cloud applications operationId: getAllCustomTags parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/CustomTag' description: '' deprecated: false /shadowIT/applications/export: post: tags: - Shadow IT Report summary: getReportDataApplicationsExport description:Export the Shadow IT Report (in CSV format) for the cloud applications recognized by Zscaler based on their usage in your organization. This report lists cloud applications along with a number of parameters including the sanction status for each application, the risk index assigned for the application, application usage details, application hosting information, and application security-related information, such as SSL certificate validity, data encryption (in transit), security certifications, published CVE, involvement in data breaches, etc.
You can generate this report for specific applications by using the application parameter. If no value is specified for this parameter, the report is generated for all cloud applications. You can customize the report by using various filters to show only the cloud applications that match specific parameters. To learn more, see About Shadow IT Report.
operationId: getReportDataApplicationsExport parameters: [] requestBody: description: 'Information used to generate the Shadow IT Report for the cloud applications recognized by Zscaler based on their usage in your organization. The list of fields is as follows:
Note: The duration parameter is required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
ANY, NONE, WEB_MAIL, SOCIAL_NETWORKING, STREAMING, P2P, INSTANT_MESSAGING, WEB_SEARCH, GENERAL_BROWSING, ADMINISTRATION, ENTERPRISE_COLLABORATION, BUSINESS_PRODUCTIVITY, SALES_AND_MARKETING, SYSTEM_AND_DEVELOPMENT, CONSUMER, FILE_SHARE, HOSTING_PROVIDER, IT_SERVICES, DNS_OVER_HTTPS, HUMAN_RESOURCES, LEGAL, HEALTH_CARE, FINANCE, and CUSTOM_CAPP.1, 2, 3, 4, and 5.UN_SANCTIONED, SANCTIONED, and ANY.NONE, RANGE_1_100, RANGE_100_1000, RANGE_1000_10000, and RANGE_10000_INF.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, CSA_STAR, ISO_27001, HIPAA, FISMA, FEDRAMP, SOC2, ISO_27018, PCI_DSS, ISO_27017, SOC1, SOC3, GDPR, CCPA, FERPA, COPPA, HITECH, EU_US_SWISS_PRIVACY_SHIELD, EU_US_PRIVACY_SHIELD_FRAMEWORK, CISP, AICPA, FIPS, SAFE_BIOPHARMA, ISAE_3000, SSAE_18, NIST, ISO_14001, SOC, TRUSTE, ISO_26262, ISO_20252, RGPD, ISO_20243, ISO_10002, JIS_Q_15001_2017, and ISMAP.
YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, UN_KNOWN, BITS_2048, BITS_256, BITS_3072, BITS_384, BITS_4096, and BITS_1024.
Information used to generate the Shadow IT Report for the cloud applications recognized by Zscaler based on their usage in your organization. The list of fields is as follows:
Note: The duration parameter is required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
ANY, NONE, WEB_MAIL, SOCIAL_NETWORKING, STREAMING, P2P, INSTANT_MESSAGING, WEB_SEARCH, GENERAL_BROWSING, ADMINISTRATION, ENTERPRISE_COLLABORATION, BUSINESS_PRODUCTIVITY, SALES_AND_MARKETING, SYSTEM_AND_DEVELOPMENT, CONSUMER, FILE_SHARE, HOSTING_PROVIDER, IT_SERVICES, DNS_OVER_HTTPS, HUMAN_RESOURCES, LEGAL, HEALTH_CARE, FINANCE, and CUSTOM_CAPP.1, 2, 3, 4, and 5.UN_SANCTIONED, SANCTIONED, and ANY.NONE, RANGE_1_100, RANGE_100_1000, RANGE_1000_10000, and RANGE_10000_INF.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, CSA_STAR, ISO_27001, HIPAA, FISMA, FEDRAMP, SOC2, ISO_27018, PCI_DSS, ISO_27017, SOC1, SOC3, GDPR, CCPA, FERPA, COPPA, HITECH, EU_US_SWISS_PRIVACY_SHIELD, EU_US_PRIVACY_SHIELD_FRAMEWORK, CISP, AICPA, FIPS, SAFE_BIOPHARMA, ISAE_3000, SSAE_18, NIST, ISO_14001, SOC, TRUSTE, ISO_26262, ISO_20252, RGPD, ISO_20243, ISO_10002, JIS_Q_15001_2017, and ISMAP.
YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.YES, NO, and UNKNOWN.Possible values for operation: INCLUDE and EXCLUDE.
Possible values for value: NONE, UN_KNOWN, BITS_2048, BITS_256, BITS_3072, BITS_384, BITS_4096, and BITS_1024.
Export the Shadow IT Report (in CSV format) for the list of users or known locations identified with using the cloud applications specified in the request. This report includes information about each user who has interacted with the application or the known location from where the application is accessed, application category, application usage details, the number of transactions made, last accessed time, etc.
You can customize the report per your requirements by using various filters. To learn more, see About Application Information.
operationId: getReportTransactionsExport parameters: - name: entity in: path description:Indicates whether the Shadow IT Report must be generated to retrieve the list of users who have interacted with a cloud application or the known locations where the cloud application is accessed
required: true style: simple schema: allOf: - $ref: '#/components/schemas/entity1' - description:Indicates whether the Shadow IT Report must be generated to retrieve the list of users who have interacted with a cloud application or the known locations where the cloud application is accessed
requestBody: description: 'Information used to generate the Shadow IT Report for the list of users that have interacted with a specific cloud application or the known locations where the cloud application is accessed. The list of fields is as follows:
Note: The duration and application parameters are required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.application: (Required) The cloud application for which user or location data must be retrieved.
Note: Only one cloud application can be specified at a time in this field.
Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
Information used to generate the Shadow IT Report for the list of users that have interacted with a specific cloud application or the known locations where the cloud application is accessed. The list of fields is as follows:
Note: The duration and application parameters are required in the request body.
LAST_1_DAYS, LAST_7_DAYS, LAST_15_DAYS, LAST_MONTH, and LAST_QUARTER.application: (Required) The cloud application for which user or location data must be retrieved.
Note: Only one cloud application can be specified at a time in this field.
Possible values for on: RISK_SCORE, APPLICATION, APPLICATION_CATEGORY, SANCTIONED_STATE, TOTAL_BYTES, UPLOAD_BYTES, DOWNLOAD_BYTES, AUTHENTICATED_USERS, TRANSACTION_COUNT, UNAUTH_LOCATION, and LAST_ACCESSED.
Possible values for by: INCREASING and DECREASING.
Adds a GRE tunnel configuration.
Note: Specifying withinCountryOnly or subcloud parameter is mandatory if this endpoint uses a virtual IP address (VIP) retrieved by passing either of these parameters in GET /vips/recommendedList.
Gets the IPv6 configuration details for the organization. For information about IPv6 support, see Understanding IPv6 Support.
operationId: getIPv6Configuration parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/IPv6Configuration' - description: IPv6 configuration details. deprecated: false /ipv6config/dns64prefix: get: tags: - Traffic Forwarding summary: getDns64Prefixes description:Gets the list of NAT64 prefixes configured as the DNS64 prefix for the organization. To learn more, see About the DNS64 Prefix.
operationId: getDns64Prefixes
parameters:
- name: search
in: query
description: The search string used to match against a DNS64 prefix’s name, description, or prefixMask attributes.
style: form
explode: true
schema:
type: string
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/IPv6PrefixMask'
description: ''
deprecated: false
/ipv6config/nat64prefix:
get:
tags:
- Traffic Forwarding
summary: getNat64Prefixes
description:
Gets the list of NAT64 prefixes configured for the organization. The prefix which has the dnsPrefix field set to true is identified as the DNS64 prefix. To learn more, see About NAT64 Prefixes.
name, description, or prefixMask attributes.
style: form
explode: true
schema:
type: string
- name: page
in: query
description: Specifies the page offset.
style: form
explode: true
schema:
type: integer
format: int32
default: 1
- name: pageSize
in: query
description: Specifies the page size. The default size is 100 and the maximum size is 1000.
style: form
explode: true
schema:
type: integer
format: int32
default: 500
- name: Content-Type
in: header
description: ''
required: true
style: simple
schema:
$ref: '#/components/schemas/Content-Type'
responses:
'200':
description: Successful Operation
headers: {}
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/IPv6PrefixMask'
description: ''
deprecated: false
/orgProvisioning/ipGreTunnelInfo:
get:
tags:
- Traffic Forwarding
summary: getIPGWDetails
description: Gets a list of IP addresses with GRE tunnel details.
operationId: getIPGWDetails parameters: - name: ipAddresses in: query description: Filter based on an IP address range. style: form explode: true schema: type: array items: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/IpDetails' description: '' deprecated: false /region/byGeoCoordinates: get: tags: - Traffic Forwarding summary: getRegionByGeoCoordinates description:Retrieves the geographical data of the region or city that is located in the specified latitude and longitude coordinates. The geographical data includes the city name, state, country, geographical ID of the city and state, etc.
operationId: getRegionByGeoCoordinates parameters: - name: latitude in: query description: The latitude coordinate of the city or region required: true style: form explode: true schema: type: number format: double - name: longitude in: query description: The longitude coordinate of the city or region required: true style: form explode: true schema: type: number format: double responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/RegionInfo' - description: Information about a region or a city deprecated: false /region/byIPAddress/{ip}: get: tags: - Traffic Forwarding summary: getRegionBySrcIPAddress description:Retrieves information about the geo-location of the specified IP address, including the city, state, and country of location, geographical ID of the city and state, postal code, etc.
operationId: getRegionBySrcIPAddress parameters: - name: ip in: path description: The IP address for which you want to retrieve the geo-location and other geographical data. required: true style: simple schema: type: string responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/RegionInfo' - description: Information about a region or a city deprecated: false /region/search: get: tags: - Traffic Forwarding summary: getRegionsByPrefix description:Retrieves the list of cities (along with their geographical data) that match the prefix search. The geographical data includes the latitude and longitude coordinates of the city, geographical ID of the city and state, country, postal code, etc.
operationId: getRegionsByPrefix parameters: - name: prefix in: query description: 'The string used in the prefix search of the city or region. The prefix can contain names of city, state, country in the following format: city name, state name, country name. A phrase for city name is mandatory, whereas the state and country names can be optionally provided to narrow down the search results.
Gets a paginated list of the virtual IP addresses (VIPs) available in the Zscaler cloud, including region and data center information. By default, the request gets all public VIPs in the cloud, but you can also include private or all VIPs in the request, if necessary.
operationId: getZscalerNodesDetails parameters: - name: dc in: query description: Filter based on data center. style: form explode: true schema: type: string - name: region in: query description: Filter based on region. style: form explode: true schema: type: string - name: page in: query description: Specifies the page offset. style: form explode: true schema: type: integer format: int32 default: 1 - name: pageSize in: query description: Specifies the page size. The default size is 100, but the maximum size is 1000. style: form explode: true schema: type: integer format: int64 default: 100 - name: include in: query description: Include all, private, or public VIPs in the list. style: form explode: true schema: allOf: - $ref: '#/components/schemas/include1' - description: Include all, private, or public VIPs in the list. - name: subcloud in: query description: Filter based on the subcloud for the VIP. To learn more see, About Subcloud. style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/PublicNode' description: '' deprecated: false /vips/groupByDatacenter: get: tags: - Traffic Forwarding summary: getRecommendedVipsGroupedByDC description: Gets a list of recommended GRE tunnel virtual IP addresses (VIPs), grouped by data center, based on source IP address or latitude/longitude coordinates. operationId: getRecommendedVipsGroupedByDC parameters: - name: routableIP in: query description: The routable IP address. style: form explode: true schema: type: boolean default: true - name: withinCountryOnly in: query description: Search within country only. style: form explode: true schema: type: boolean default: false - name: includePrivateServiceEdge in: query description: Include ZIA Private Service Edge VIPs. style: form explode: true schema: type: boolean default: true - name: includeCurrentVips in: query description: Include currently assigned VIPs. style: form explode: true schema: type: boolean default: true - name: sourceIp in: query description: The source IP address. style: form explode: true schema: type: string - name: latitude in: query description: The latitude coordinate of the GRE tunnel source. style: form explode: true schema: type: number format: double - name: longitude in: query description: The longitude coordinate of the GRE tunnel source. style: form explode: true schema: type: number format: double - name: subcloud in: query description: The subcloud for the VIP. To learn more see, About Subcloud. style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/DatacenterVips' description: '' deprecated: false /vips/recommendedList: get: tags: - Traffic Forwarding summary: getRecommendedGreVips description: Gets a list of recommended GRE tunnel virtual IP addresses (VIPs), based on source IP address or latitude/longitude coordinates. operationId: getRecommendedGreVips parameters: - name: routableIP in: query description: The routable IP address. style: form explode: true schema: type: boolean default: true - name: withinCountryOnly in: query description: Search within country only. style: form explode: true schema: type: boolean default: false - name: includePrivateServiceEdge in: query description: Include ZIA Private Service Edge VIPs. style: form explode: true schema: type: boolean default: true - name: includeCurrentVips in: query description: Include currently assigned VIPs. style: form explode: true schema: type: boolean default: true - name: sourceIp in: query description: The source IP address. style: form explode: true schema: type: string - name: latitude in: query description: The latitude coordinate of the GRE tunnel source. style: form explode: true schema: type: number format: double - name: longitude in: query description: The longitude coordinate of the GRE tunnel source. style: form explode: true schema: type: number format: double - name: subcloud in: query description: The subcloud for the VIP. To learn more see, About Subcloud. style: form explode: true schema: type: string - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/GreVirtualIp' description: '' deprecated: false /urlFilteringRules: get: tags: - URL Filtering Policies summary: getRules description:Gets a list of all of URL Filtering Policy rules.
operationId: GetgetRules parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: type: array items: $ref: '#/components/schemas/UrlFilteringRule' description: '' deprecated: false post: tags: - URL Filtering Policies summary: addRule description:Adds a URL Filtering Policy rule.
If you are using the Admin Rank feature, refer to About Admin Rank to determine which value to provide for rank when adding a policy rule. If you are not using Admin Rank, the rank value must be 7.
Gets the URL Filtering Policy rule for the specified ID.
operationId: GetgetRuleById parameters: - name: ruleId in: path description: The unique identifier for the URL Filtering Policy rule. required: true style: simple schema: type: integer format: int32 - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: allOf: - $ref: '#/components/schemas/UrlFilteringRule' - description: URL Filtering Rule deprecated: false put: tags: - URL Filtering Policies summary: updateRule description:Updates the URL Filtering Policy rule for the specified ID.
If you are using the Admin Rank feature, refer to About Admin Rank to determine which value to provide for rank when adding a policy rule. If you are not using Admin Rank, the rank value must be 7.
Gets a list of URLs that were exempted from cookie authentication. To learn more, see URL Format Guidelines.
' operationId: getAuthExemptedUrls parameters: - name: Content-Type in: header description: '' required: true style: simple schema: $ref: '#/components/schemas/Content-Type' responses: '200': description: Successful Operation headers: {} content: application/json: schema: $ref: '#/components/schemas/Urls' deprecated: false post: tags: - User Authentication Settings summary: updateAuthExemptedUrls description:Adds a URL to or removes a URL from the cookie authentication exempt list. To add a URL to the list, set the action parameter to ADD_TO_LIST. To remove a URL, set action to REMOVE_FROM_LIST.
The admin role specifies an admin's level of access to the Zscaler Admin Portal.
AdminUser: title: AdminUser required: - loginName - userName - email type: object properties: id: type: integer description: Admin or auditor's user ID. format: int32 loginName: type: string description:Admin or auditor's login name. loginName is in email format and uses the domain name associated to the Zscaler account.
userName: type: string description: Admin or auditor's username. email: type: string description: Admin or auditor's email address. role: $ref: '#/components/schemas/Role' comments: type: string description: Additional information about the admin or auditor. adminScope: $ref: '#/components/schemas/AdminScope2' isNonEditable: type: boolean description: Indicates whether or not the admin can be edited or deleted. default: false disabled: type: boolean description: Indicates whether or not the admin account is disabled. isAuditor: type: boolean description: Indicates whether the user is an auditor. This attribute is subject to change. default: false password: type: string description: The admin's password. If admin single sign-on (SSO) is disabled, then this field is mandatory for POST requests. This information is not provided in a GET response." isPasswordLoginAllowed: type: boolean description: The default is true when SAML Authentication is disabled. When SAML Authentication is enabled, this can be set to false in order to force the admin to login via SSO only. default: false isSecurityReportCommEnabled: type: boolean description: Communication for Security Report is enabled. default: false isServiceUpdateCommEnabled: type: boolean description: Communication setting for Service Update. default: false isProductUpdateCommEnabled: type: boolean description: Communication setting for Product Update. default: false isPasswordExpired: type: boolean description: Indicates whether or not an admin's password has expired. default: false isExecMobileAppEnabled: type: boolean description: Indicates whether or not Executive Insights App access is enabled for the admin. default: false execMobileAppTokens: type: array items: $ref: '#/components/schemas/MobileAppTokenInfo' description: Read-only information about a Executive Insights App token, if it exists. description: Admin and auditor information. User: title: User required: - name - email - groups - department - password type: object properties: id: type: integer description: User ID format: int32 readOnly: true name: type: string description: 'User name. This appears when choosing users for policies.
Note: The name field allows values containing UTF-8 characters up to a maximum of 127 characters.
' email: type: string description: 'User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
Note: The email field allows values of alphanumeric characters and certain special characters up to a maximum of 127 characters. The use of the @ symbol is mandatory. This field corresponds to the User ID (also referred to as Login ID) field in the UI. However, the data validation in the UI uses different constraints.
zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
description: This is an immutable reference to an entity. which mainly consists of id and name
AdminScope:
title: AdminScope
type: object
properties:
scopeGroupMemberEntities:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Only applicable for the LOCATION_GROUP admin scope type, in which case this attribute gives the list of ID/name pairs of locations within the location group. The attribute name is subject to change.
Type:
$ref: '#/components/schemas/Type'
ScopeEntities:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Based on the admin scope type, the entities can be the ID/name pair of departments, locations, or location groups. The attribute name is subject to change.
description: An admin's scope can be limited to certain resources, policies, or reports. An admin's scope can be limited by LOCATION, LOCATION GROUP, or DEPARTMENT. If this is not specified, then the admin has an ORGANIZATION scope by default.
MobileAppTokenInfo:
title: MobileAppTokenInfo
type: object
properties:
cloud:
type: string
orgId:
type: integer
format: int32
name:
type: string
tokenId:
type: string
token:
type: string
tokenExpiry:
type: integer
format: int64
createTime:
type: integer
format: int64
deviceId:
type: string
deviceName:
type: string
description: Executive Insights App device token information.
Group:
title: Group
required:
- id
- name
type: object
properties:
id:
type: integer
description: Unique identfier for the group
format: int32
name:
type: string
description: Group name
idpId:
type: integer
description: Unique identfier for the identity provider (IdP)
format: int64
comments:
type: string
description: Additional information about the group
Department:
title: Department
required:
- id
- name
type: object
properties:
id:
type: integer
description: Department ID
format: int32
name:
type: string
description: Department name
idpId:
type: integer
description: Identity provider (IdP) ID
format: int64
comments:
type: string
description: Additional information about this department
deleted:
type: boolean
default: false
BrowserIsolationProfile:
title: BrowserIsolationProfile
type: object
properties:
id:
type: string
description: The universally unique identifier (UUID) for the browser isolation profile
name: type: string description:Name of the browser isolation profile
url: type: string description:The browser isolation profile URL
defaultProfile: type: boolean description:(Optional) Indicates whether this is a default browser isolation profile. Zscaler sets this field.
description:Information about browser isolation profile. To learn more, see What Is Isolation? and Creating Isolation Profiles for ZIA.
DlpDictionaryDom: title: DlpDictionaryDom type: object properties: id: type: integer description: Unique identifier for the DLP dictionary format: int32 readOnly: true name: type: string description: The DLP dictionary's name description: type: string description: The description of the DLP dictionary confidenceThreshold: $ref: '#/components/schemas/ConfidenceThreshold' predefinedCountActionType: $ref: '#/components/schemas/PredefinedCountActionType' dictionaryCloningEnabled: type: boolean description:A Boolean constant that indicates that the cloning option is supported for the DLP dictionary using the true value. This field is applicable only to predefined DLP dictionaries.
readOnly: true proximityEnabledForCustomDictionary: type: boolean description: 'A Boolean constant that indicates if proximity length is enabled or disabled for a custom DLP dictionary. A true value indicates that proximity length is enabled, whereas a false value indicates that it is disabled.
Note: This field is applicable only for specific custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option. For predefined DLP dictionaries, this field value is always set to false.
' phrases: type: array items: $ref: '#/components/schemas/DictionaryPhraseActionString' description: List containing the phrases used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries. customPhraseMatchType: $ref: '#/components/schemas/CustomPhraseMatchType' customPhraseSupported: type: boolean description:A Boolean constant that indicates that custom phrases are supported for the DLP dictionary using the true value. This field is applicable only to predefined DLP dictionaries with a high confidence score threshold.
readOnly: true patterns: type: array items: $ref: '#/components/schemas/DictionaryPatternActionString' description: List containing the patterns used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries nameL10nTag: type: boolean description: Indicates whether the name is localized or not. This is always set to True for predefined DLP dictionaries. readOnly: true thresholdType: allOf: - $ref: '#/components/schemas/ThresholdType' - {} readOnly: true dictionaryType: $ref: '#/components/schemas/DictionaryType' exactDataMatchDetails: type: array items: $ref: '#/components/schemas/ExactDataMatchDetail' description: Exact Data Match (EDM) related information for custom DLP dictionaries. hierarchicalDictionary: type: boolean description: A true value indicates that the DLP dictionary is of hierarchical type that includes sub-dictionaries. A false value indicates that the dictionary is not hierarchical. readOnly: true hierarchicalIdentifiers: type: array items: type: string description: 'The list of identifiers selected within a DLP dictionary of hierarchical type. Each identifier represents a sub-dictionary that consists of specific patterns. To retrieve the list of identifiers that are available for selection within a specific hierarchical dictionary, send a GET request to /dlpDictionaries/{dictId}/predefinedIdentifiers.
To learn about hierarchical dictionaries, see Configuring the URL Filtering Policy.
Note: This field is applicable to predefined hierarchical dictionaries, such as the Driver’s License (United States), Passport Number (European Union), and Credentials and Secrets dictionaries or their clones.
' idmProfileMatchAccuracy: type: array items: $ref: '#/components/schemas/IdmProfileMatchAccuracyDetail' description: List of Indexed Document Match (IDM) profiles and their corresponding match accuracy for custom DLP dictionaries. ignoreExactMatchIdmDict: type: boolean description: Indicates whether to exclude documents that are a 100% match to already-indexed documents from triggering an Indexed Document Match (IDM) Dictionary. includeBinNumbers: type: boolean description: 'A true value denotes that the specified Bank Identification Number (BIN) values are included in the Credit Cards dictionary. A false value denotes that the specified BIN values are excluded from the Credit Cards dictionary.
Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.
' binNumbers: type: array items: type: integer format: int32 description: 'The list of Bank Identification Number (BIN) values that are included or excluded from the Credit Cards dictionary. BIN values can be specified only for Diners Club, Mastercard, RuPay, and Visa cards. Up to 512 BIN values can be configured in a dictionary.
Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.
' dictTemplateId: type: integer description:ID of the predefined dictionary (original source dictionary) that is used for cloning. This field is applicable only to cloned dictionaries. Only a limited set of identification-based predefined dictionaries (e.g., Credit Cards, Social Security Numbers, National Identification Numbers, etc.) can be cloned. Up to 4 clones can be created from a predefined dictionary.
format: int32 predefinedClone: type: boolean description:This field is set to true if the dictionary is cloned from a predefined dictionary. Otherwise, it is set to false.
readOnly: true proximity: type: integer description: 'The DLP dictionary proximity length that defines how close a high confidence phrase must be to an instance of the pattern (that the dictionary detects) to count as a match.
Note: Proximity length is supported only for specific predefined DLP dictionaries with a high confidence score threshold and custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option.
' format: int32 custom: type: boolean description: This value is set to true for custom DLP dictionaries. readOnly: true proximityLengthEnabled: type: boolean description: 'A Boolean constant that indicates whether the proximity length option is supported for a DLP dictionary or not. A true value indicates that the proximity length option is supported, whereas a false value indicates that it is not supported.
Note: Proximity length is supported only for specific predefined DLP dictionaries with a high confidence score threshold and custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option.
' readOnly: true description:A DLP dictionary contains a set of patented algorithms that are designed to detect specific kinds of information in user traffic. For a list of and information on all predefined dictionaries, see About DLP Dictionaries.
You can modify predefined DLP dictionaries or create custom dictionaries for content that is not properly covered by them. For example, using the cloud service API, you can create custom DLP dictionaries that trigger based on specific patterns and phrases. To learn more, see Adding Custom DLP Dictionaries, Defining Patterns for Custom DLP Dictionaries, and Defining Phrases for Custom DLP Dictionaries. You can also create custom DLP dictionaries based on Exact Data Match (EDM) or Indexed Document Match (IDM). To learn more, see About Exact Data Match and see About Indexed Document Match.
SMMsgStatusInfo: title: SMMsgStatusInfo type: object properties: status: type: string errPosition: type: integer format: int32 errMsg: type: string errParameter: type: string errSuggestion: type: string idList: type: array items: type: integer format: int32 description: '' description: Error message information that is returned when an invalid pattern is identified within a custom DLP dictionary DlpEngineDom: title: DlpEngineDom type: object properties: id: type: integer description: The unique identifier for the DLP engine. format: int32 name: type: string description: The DLP engine name as configured by the admin. This attribute is required in POST and PUT requests for custom DLP engines. predefinedEngineName: type: string description: The name of the predefined DLP engine. readOnly: true engineExpression: type: string description:The logical expression that defines a DLP engine by combining DLP dictionaries using logical operators, namely All (AND), Any (OR), Exclude (NOT), and Sum (the total number of content matches). To learn more about DLP engine expressions, see Understanding DLP Engines.
Engine expression examples:
((D63.S > 1))((D38.S > 1) AND (D63.S > 1))((D38.S > 1) OR (D63.S > 1))((D38.S > 0) AND ( NOT ( (D61.S > 0) ) )(SUM(D63.S, D38.S) > 3)In the preceding examples, 63 represents the ID of the Credit Cards dictionary ID, 61 is the Financial Statements ID, and 38 is the ABA Bank Routing Numbers dictionary ID. Each dictionary ID is wrapped around by a prefix (D) and a suffix (.S).
customDlpEngine: type: boolean description: Indicates whether this is a custom DLP engine. If this value is set to true, the engine is custom. description: type: string description: The DLP engine's description. description: DLP engine information. DlpEngineExpValidationResponse: title: DlpEngineExpValidationResponse type: object properties: status: type: string description: DLP engine expression validation status errMsg: type: string description: Error message from DLP engine expression validation errParameter: type: string description: Error parameter in the DLP engine expression errSuggestion: type: string description: Suggestion for error correction description: Error message information that is returned when a DLP engine expression is invalid. AdvancedDataProtectionSchema: title: AdvancedDataProtectionSchema type: object properties: schemaId: type: integer description: The identifier (1-65519) for the EDM schema (i.e., EDM template) that is unique within the organization. format: int32 readOnly: true edmClient: $ref: '#/components/schemas/EdmClient' projectName: type: string description: The EDM schema (i.e., EDM template) name. This attribute is ignored by PUT requests, but required for POST requests. revision: type: integer description: The revision number of the CSV file upload to the Index Tool. This attribute is required by PUT requests. format: int32 filename: type: string description: The generated filename, excluding the extention. readOnly: true originalFileName: type: string description: The name of the CSV file uploaded to the Index Tool. This attribute is required by PUT and POST requests. fileUploadStatus: $ref: '#/components/schemas/FileUploadStatus' origColCount: type: integer description: The total count of actual columns selected from the CSV file. This attribute is required by PUT and POST requests. format: int32 lastModifiedBy: allOf: - $ref: '#/components/schemas/LastModifiedBy' - {} readOnly: true lastModifiedTime: type: integer description: Timestamp when the EDM schema (i.e., EDM template) was last modified. Ignored if the request is PUT, POST, or DELETE. format: int32 readOnly: true createdBy: allOf: - $ref: '#/components/schemas/CreatedBy' - {} readOnly: true cellsUsed: type: integer description: The total number of cells used by the EDM schema (i.e., EDM template). format: int64 readOnly: true schemaActive: type: boolean description: Indicates the status of a specified EDM schema (i.e., EDM template). If this value is set to true, the schema is active and can be used by DLP dictionaries. readOnly: true tokenList: type: array items: $ref: '#/components/schemas/AdvancedDataProtectionSchemaToken' description: The list of tokens (or criteria) to match against. Up to 16 tokens can be selected for data matching. This attribute is required by PUT and POST requests. schedulePresent: type: boolean description: Indicates whether the EDM schema (i.e., the EDM template configured using the Index Tool) has a schedule. readOnly: true schedule: allOf: - $ref: '#/components/schemas/Schedule' - {} readOnly: true description: Exact Data Match (EDM) template (i.e., schema) information. AdvancedDataProtectionSchemaLite: title: AdvancedDataProtectionSchemaLite type: object properties: schema: allOf: - $ref: '#/components/schemas/Schema' - {} readOnly: true tokens: uniqueItems: true type: array items: $ref: '#/components/schemas/AdvancedDataProtectionSchemaToken' description: The tokens (or criteria) used by the EDM schema (i.e., EDM template). readOnly: true description: Exact Data Match (EDM) template (i.e., schema) information retrieved by /dlpExactDataMatchSchemas/lite. DlpNotificationTemplate: title: DlpNotificationTemplate required: - name - subject - plainTextMessage - htmlMessage type: object properties: id: type: integer description: The unique identifier for a DLP notification template. format: int32 name: type: string description: The DLP notification template name. subject: type: string description: The Subject line that is displayed within the DLP notification email. attachContent: type: boolean description: If set to true, the content that is violation is attached to the DLP notification email. plainTextMessage: type: string description: The template for the plain text UTF-8 message body that must be displayed in the DLP notification email. htmlMessage: type: string description: The template for the HTML message body that must be displayed in the DLP notification email. description: DLP notification template information. ICAPServer: title: ICAPServer required: - name - url - status type: object properties: id: type: integer description: The unique identifier for a DLP server. format: int32 name: type: string description: The DLP server name. url: type: string description: The DLP server URL. status: $ref: '#/components/schemas/Status' description: DLP server (i.e., servers using ICAP) information. IdmProfile: title: IdmProfile type: object properties: profileId: type: integer description: The identifier (1-64) for the IDM template (i.e., IDM profile) that is unique within the organization. format: int32 readOnly: true profileName: type: string description: The IDM template name, which is unique per Index Tool. profileDesc: type: string description: The IDM template's description. profileType: $ref: '#/components/schemas/ProfileType' host: type: string description: The fully qualified domain name (FQDN) of the IDM template's host machine. port: type: integer description: The port number of the IDM template's host machine. format: int32 profileDirPath: type: string description: The IDM template's directory file path, where all files are present. scheduleType: $ref: '#/components/schemas/ScheduleType1' scheduleDay: type: integer description: The day the IDM template is scheduled for. This attribute is required by PUT and POST requests. format: int32 scheduleDayOfMonth: type: array items: type: string description: The day of the month that the IDM template is scheduled for. This attribute is required by PUT and POST requests, and when scheduleType is set to MONTHLY. scheduleDayOfWeek: type: array items: $ref: '#/components/schemas/ScheduleDayOfWeek' description: The day of the week the IDM template is scheduled for. This attribute is required by PUT and POST requests, and when scheduleType is set to WEEKLY. scheduleTime: type: integer description: 'The time of the day (in minutes) that the IDM template is scheduled for. For example: at 3am= 180 mins. This attribute is required by PUT and POST requests.' format: int32 scheduleDisabled: type: boolean description: If set to true, the schedule for the IDM template is temporarily in a disabled state. This attribute is required by PUT requests in order to disable or enable a schedule. uploadStatus: $ref: '#/components/schemas/UploadStatus' userName: type: string description: The username to be used on the IDM template's host machine. version: type: integer description: The version number for the IDM template. format: int32 idmClient: $ref: '#/components/schemas/IdmClient' volumeOfDocuments: type: integer description: The total volume of all the documents associated to the IDM template. format: int64 numDocuments: type: integer description: The number of documents associated to the IDM template. format: int32 lastModifiedTime: type: integer description: The date and time the IDM template was last modified. format: int32 readOnly: true modifiedBy: allOf: - $ref: '#/components/schemas/ModifiedBy' - {} readOnly: true description: Indexed Document Match (IDM) template (or profile) information. IdmProfileSummary: title: IdmProfileSummary type: object properties: profileId: type: integer description: The unique identifier for the IDM template (i.e., IDM profile). format: int32 templateName: type: string description: The IDM template name. clientVm: $ref: '#/components/schemas/ClientVm' numDocuments: type: integer description: The number of documents. format: int32 lastModified: type: integer description: The timestamp the IDM template was last modified. format: int32 modifiedBy: $ref: '#/components/schemas/ModifiedBy' description: IDM template (i.e., IDM profile) summary information. IncidentReceiverServer: title: IncidentReceiverServer required: - name - url - status type: object properties: id: type: integer description: The unique identifier for the Incident Receiver. format: int32 name: type: string description: The Incident Receiver server name. url: type: string description: The Incident Receiver server URL. status: $ref: '#/components/schemas/Status1' flags: type: integer description: The Incident Receiver server flag. format: int32 description: Zscaler Incident Receiver information. WebDlpRule: title: WebDlpRule type: object properties: accessControl: allOf: - $ref: '#/components/schemas/AccessControl' - {} readOnly: true id: type: integer description: The unique identifier for the DLP policy rule. format: int32 order: type: integer description: The rule order of execution for the DLP policy rule with respect to other rules. format: int32 protocols: type: array items: $ref: '#/components/schemas/Protocol' description: The protocol criteria specified for the DLP policy rule. rank: type: integer description: The admin rank of the admin who created the DLP policy rule. format: int32 description: type: string description: The description of the DLP policy rule. locations: type: array items: $ref: '#/components/schemas/EntityReference' description: The Name-ID pairs of locations to which the DLP policy rule must be applied. locationGroups: type: array items: $ref: '#/components/schemas/EntityReference' description: The Name-ID pairs of locations groups to which the DLP policy rule must be applied. groups: type: array items: $ref: '#/components/schemas/EntityReference' description: The Name-ID pairs of groups to which the DLP policy rule must be applied. departments: type: array items: $ref: '#/components/schemas/EntityReference' description: The Name-ID pairs of departments to which the DLP policy rule must be applied. users: type: array items: $ref: '#/components/schemas/EntityReference' description: The Name-ID pairs of users to which the DLP policy rule must be applied. workloadGroups: type: array items: $ref: '#/components/schemas/WorkloadGroup' description: The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups. urlCategories: type: array items: $ref: '#/components/schemas/EntityReference' description: The list of URL categories to which the DLP policy rule must be applied. dlpEngines: type: array items: $ref: '#/components/schemas/EntityReference' description: The list of DLP engines to which the DLP policy rule must be applied. includedDomainProfiles: type: array items: $ref: '#/components/schemas/EntityReference' description: The list of domain profiles that must be added to the DLP rule criteria in order to apply the DLP rules only to domains that are part of the specified profiles. A maximum of 8 profiles can be selected. excludedDomainProfiles: type: array items: $ref: '#/components/schemas/EntityReference' description: The list of domain profiles that must be added to the DLP rule criteria in order to apply the DLP rules to all domains excluding the domains that are part of the specified profiles. A maximum of 8 profiles can be selected. severity: $ref: '#/components/schemas/Severity' parentRule: type: integer description: 'The unique identifier of the parent rule under which an exception rule is added.
Note: Exception rules can be configured only when the inline DLP rule evaluation type is set to evaluate all DLP rules in the DLP Advanced Settings. To learn more, see Configuring DLP Advanced Settings.
' format: int32 subRules: type: array items: type: object description:The list of exception rules added to a parent rule.
Note:
WebDlpRule model are applicable to the sub-rules. Values for each rule are specified by using the WebDlpRule object.The list of file types for which the DLP policy rule must be applied.
Note:
If this field is set to true, Zscaler Client Connector notification is enabled for the block action triggered by the web DLP rule. If this field is set to false, Zscaler Client Connector notification is disabled.
Note: This field can be configured only if the Web DLP Violation end user notification is enabled.
' description: DLP policy rule information. DictionaryPhraseActionString: title: DictionaryPhraseActionString type: object properties: action: $ref: '#/components/schemas/Action' phrase: type: string description: DLP dictionary phrase description: DLP dictionary phrase and action DictionaryPatternActionString: title: DictionaryPatternActionString type: object properties: action: $ref: '#/components/schemas/Action1' pattern: type: string description: DLP dictionary pattern description: DLP dictionary pattern and action ExactDataMatchDetail: title: ExactDataMatchDetail type: object properties: dictionaryEdmMappingId: type: integer description: The unique identifier for the EDM mapping. format: int32 schemaId: type: integer description: The unique identifier for the EDM template (or schema). format: int32 primaryField: type: integer description: The EDM template's primary field. format: int32 secondaryFields: type: array items: type: integer format: int32 description: The EDM template's secondary fields. secondaryFieldMatchOn: $ref: '#/components/schemas/SecondaryFieldMatchOn' description: Exact Data Match (EDM) details. IdmProfileMatchAccuracyDetail: title: IdmProfileMatchAccuracyDetail type: object properties: adpIdmProfile: $ref: '#/components/schemas/AdpIdmProfile' matchAccuracy: $ref: '#/components/schemas/MatchAccuracy' description: Indexed Document Match (IDM) template (or profile) match accuracy details. AdvancedDataProtectionSchemaToken: title: AdvancedDataProtectionSchemaToken type: object properties: name: type: string description: The token (i.e., criteria) name. This attribute is required by PUT and POST requests. type: type: string primaryKey: type: boolean description: Indicates whether the token is a primary key. originalColumn: type: integer description: The column position for the token in the original CSV file uploaded to the Index Tool, starting from 1. This attribue required by PUT and POST requests. format: int32 hashfileColumnOrder: type: integer description: The column position for the token in the hashed file, starting from 1. format: int32 readOnly: true colLengthBitmap: type: integer description: The length of the column bitmap in the hashed file. format: int64 readOnly: true description: Exact Data Match (EDM) template (i.e., schema) token (or criteria) information. AdvancedDataProtectionSchemaSchedule: title: AdvancedDataProtectionSchemaSchedule type: object properties: scheduleType: $ref: '#/components/schemas/ScheduleType' scheduleDayOfMonth: type: array items: type: string description: The day of the month the EDM schema (i.e., EDM template) is scheduled for. This attribute is required by PUT and POST requests, and if the scheduleType is set to MONTHLY. scheduleDayOfWeek: type: array items: $ref: '#/components/schemas/ScheduleDayOfWeek' description: The day of the week the EDM schema (i.e., EDM template) is scheduled for. This attribute is required by PUT and POST requests, and if the scheduleType is set to WEEKLY. scheduleTime: type: integer description: 'The time of the day (in minutes) that the EDM schema (i.e., EDM template) is scheduled for. For example: at 3am= 180 mins. This attribute is required by PUT and POST requests.' format: int32 scheduleDisabled: type: boolean description: If set to true, the schedule for the EDM schema (i.e., EDM template) is temporarily in a disabled state. This attribute is required by PUT requests in order to disable or enable a schedule. description: Exact Data Match (EDM) template (i.e., schema) schedule information. WorkloadGroup: title: WorkloadGroup type: object properties: id: type: integer description: A unique identifier assigned to the workload group format: int32 name: type: string description: The name of the workload group description: type: string description: The description of the workload group expressionJson: $ref: '#/components/schemas/WorkloadTagExpression' expression: type: string description: The workload group expression containing tag types, tags, and their relationships. lastModifiedTime: type: integer description: Timestamp when the workload group was last modified format: int32 lastModifiedBy: $ref: '#/components/schemas/LastModifiedBy' description: Workload group information WorkloadTagExpression: title: WorkloadTagExpression type: object properties: expressionContainers: type: array items: $ref: '#/components/schemas/ExpressionContainer' description: Contains one or more tag types (and associated tags) combined using logical operators within a workload group ExpressionContainer: title: ExpressionContainer type: object properties: tagType: $ref: '#/components/schemas/TagType' operator: $ref: '#/components/schemas/Operator' tagContainer: $ref: '#/components/schemas/TagContainer2' description: One or more tag types (and associated tags) combined using logical operators within a workload group TagContainer: title: TagContainer type: object properties: tags: type: array items: $ref: '#/components/schemas/Tag' description: 'One or more tags, each consisting of a key-value pair, selected within a tag type. If multiple tags are present within a tag type, they are combined using a logical operator.
Note: A maximum of 8 tags can be added to a workload group, irrespective of the number of tag types present.
' operator: $ref: '#/components/schemas/Operator1' description: One or more tags combined using logical operators within a tag type Tag: title: Tag type: object properties: key: type: string description: The key component present in the key-value pair contained in a tag value: type: string description: The value component present in the key-value pair contained in a tag description: The list of tags (key-value pairs) selected within a tag type DeviceGroup: title: DeviceGroup type: object properties: id: type: integer description: The unique identifer for the device group. format: int32 name: type: string description: The device group name. groupType: $ref: '#/components/schemas/DeviceGroupType' description: type: string description: The device group's description. osType: type: string description: The operating system (OS). predefined: type: boolean description: Indicates whether this is a predefined device group. If this value is set to true, the group is predefined. readOnly: true deviceCount: type: integer description: The number of devices within the group. format: int32 description: Device group information. Device: title: Device type: object properties: id: type: integer description: The unique identifier for the device. format: int32 name: type: string description: The device name. deviceGroupType: $ref: '#/components/schemas/DeviceGroupType' deviceModel: type: string description: The device model. osType: $ref: '#/components/schemas/OsType' osVersion: type: string description: The operating system version. description: type: string description: The device's description. ownerUserId: type: integer description: The unique identifier of the device owner (i.e., user). format: int32 ownerName: type: string description: The device owner's user name. hostName: type: string description: The hostname of the device. description: Device information. TaskInfo: title: TaskInfo type: object properties: status: $ref: '#/components/schemas/Status2' progressItemsComplete: type: integer description: Number of items processed format: int32 progressEndTime: type: integer description: End time format: int64 errorMessage: type: string description: Error message errorCode: type: string EventLogEntryRequest: title: EventLogEntryRequest type: object properties: startTime: type: integer description: Start time for event log entry format: int64 endTime: type: integer description: End time for event log entry format: int64 page: type: integer description: Specifies the page offset format: int32 pageSize: type: integer description: Specifies the page size format: int32 category: type: string description: Filters the list based on the category of event log entries subcategories: type: array items: type: string description: Filters the list based on the subcategories within a category of event log entries actionResult: type: string description: Filters the list based on the outcome of the events recorded message: type: string description: The search string used to match against the event log message errorCode: type: string description: The search string used to match against the error code in event log entries statusCode: type: string description: The search string used to match against the status code in event log entries description: Event log report request FirewallFilteringRule: title: FirewallFilteringRule required: - name type: object properties: id: type: integer description: Unique identifier for the Firewall Filtering policy rule format: int32 name: type: string description: Name of the Firewall Filtering policy rule order: type: integer description: Rule order number of the Firewall Filtering policy rule format: int32 rank: type: integer description: Admin rank of the Firewall Filtering policy rule format: int32 locations: type: array items: $ref: '#/components/schemas/EntityReference' description: The locations to which the Firewall Filtering policy rule applies locationGroups: type: array items: $ref: '#/components/schemas/EntityReference' description: The location groups to which the Firewall Filtering policy rule applies departments: type: array items: $ref: '#/components/schemas/EntityReference' description: The departments to which the Firewall Filtering policy rule applies groups: type: array items: $ref: '#/components/schemas/EntityReference' description: The groups to which the Firewall Filtering policy rule applies users: type: array items: $ref: '#/components/schemas/EntityReference' description: The users to which the Firewall Filtering policy rule applies timeWindows: type: array items: $ref: '#/components/schemas/EntityReference' description: The time interval in which the Firewall Filtering policy rule applies workloadGroups: type: array items: $ref: '#/components/schemas/WorkloadGroup' description: The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups. action: $ref: '#/components/schemas/Action3' state: $ref: '#/components/schemas/State1' description: type: string description: Additional information about the rule lastModifiedTime: type: integer description: Timestamp when the rule was last modified. Ignored if the request is POST or PUT. For GET, ignored if or the rule is current version. format: int32 lastModifiedBy: $ref: '#/components/schemas/LastModifiedBy' srcIps: type: array items: type: string description: User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address. srcIpGroups: type: array items: $ref: '#/components/schemas/EntityReference' description: 'Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
Note: For organizations that have enabled IPv6, the srcIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
' sourceCountries: type: array items: type: string description: The list of source countries that must be included or excluded from the rule based on the excludeSrcCountries field value. If no value is set, this field is ignored during policy evaluation and the rule is applied to all source countries. excludeSrcCountries: type: boolean description: Indicates whether the countries specified in the sourceCountries field are included or excluded from the rule. A true value denotes that the specified source countries are excluded from the rule. A false value denotes that the rule is applied to the source countries if there is a match. destAddresses: type: array items: type: string description: List of destination IP addresses for which the rule is applicable. CIDR notation can be used for destination IP addresses. If not set, the rule is not restricted to a specific destination addresses unless specified by destCountries, destIpGroups or destIpCategories. destIpCategories: type: array items: type: string description: IP address categories of destination for which the DNAT rule is applicable. If not set, the rule is not restricted to specific destination IP categories. destCountries: type: array items: type: string description: Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries. destIpGroups: type: array items: $ref: '#/components/schemas/EntityReference' description: 'User-defined destination IP address groups to which the rule is applied. If not set, the rule is not restricted to a specific destination IP address group.
Note: For organizations that have enabled IPv6, the destIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
' nwServices: type: array items: $ref: '#/components/schemas/EntityReference' description: User-defined network services to which the rule is applied. If not set, the rule is not restricted to a specific network service. nwServiceGroups: type: array items: $ref: '#/components/schemas/EntityReference' description: User-defined network service group to which the rule is applied. If not set, the rule is not restricted to a specific network service group. nwApplications: type: array items: type: string description: User-defined network service applications to which the rule is applied. If not set, the rule is not restricted to a specific network service application. nwApplicationGroups: type: array items: $ref: '#/components/schemas/EntityReference' description: User-defined network service application group to which the rule is applied. If not set, the rule is not restricted to a specific network service application group. appServices: type: array items: $ref: '#/components/schemas/EntityReference' description: Application services on which this rule is applied appServiceGroups: type: array items: $ref: '#/components/schemas/EntityReference' description: Application service groups on which this rule is applied devices: type: array items: $ref: '#/components/schemas/EntityReference' description:Name-ID pairs of devices for which rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceGroups: type: array items: $ref: '#/components/schemas/EntityReference' description:Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceTrustLevels: type: array items: $ref: '#/components/schemas/DeviceTrustLevel' description:List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
labels: type: array items: $ref: '#/components/schemas/EntityReference' description: Labels that are applicable to the rule. defaultRule: type: boolean description: If set to true, the default rule is applied default: false predefined: type: boolean description: If set to true, a predefined rule is applied default: false DestinationIpGroup: title: DestinationIpGroup type: object properties: id: type: integer description: Unique identifer for the destination IP group format: int32 name: type: string description: Destination IP group name type: $ref: '#/components/schemas/Type3' addresses: type: array items: type: string description: Destination IP addresses, FQDNs, or wildcard FQDNs added to the group. description: type: string description: Additional information about the destination IP group ipCategories: type: array items: type: string description: Destination IP address URL categories. You can identify destinations based on the URL category of the domain. countries: type: array items: type: string description: Destination IP address counties. You can identify destinations based on the location of a server. isNonEditable: type: boolean description:If set to true, the destination IP address group is non-editable. This field is applicable only to predefined IP address groups, which cannot be modified.
DestinationIpGroup2: title: DestinationIpGroup2 type: object properties: id: type: integer description: Unique identifer for the destination IP group format: int32 name: type: string description: Destination IP group name type: allOf: - $ref: '#/components/schemas/Type3' - {} readOnly: true addresses: type: array items: type: string description: 'Destination FQDNs, domains, or IP addresses within the group. This list must reflect the type of addresses that are specified in thetype attribute. DSTN_FQDN type must contain only FQDNs. DSTN_DOMAIN type can be a mix of FQDNs, domains, or wildcard domains. DSTN_IP type can have any of the following: Single IP address- Range of IP Addresses (e.g., 1.1.1.1 - 1.1.1.255)
- IP addresses specified by subnet mask. (e.g., 1.1.1.0/24)
'
description:
type: string
description: Additional information about the destination IP group
ipCategories:
type: array
items:
type: string
description: Destination IP address URL categories. You can identify destinations based on the URL category of the domain.
countries:
type: array
items:
type: string
description: Destination IP address counties. You can identify destinations based on the location of a server.
ipAddresses:
type: array
items:
type: string
description: 'Destination FQDNs or IP addresses within the group. This list cannot contain both. The IP address can be any of the following: - Single IP address
- Range of IP Addresses (e.g., 1.1.1.1 - 1.1.1.255)
- IP addresses specified by subnet mask. (e.g., 1.1.1.0/24)
'
urlCategories:
type: array
items:
type: string
description: This attribute is present for backward compatibility only. Zscaler recommends using the ipCategories attribute. Destination IP address URL categories. You can identify destinations based on the URL category of the domain.
description: TBD
IpGroup:
title: IpGroup
type: object
properties:
id:
type: integer
description: A unique identifier of the source IP address group.
format: int32
name:
type: string
description: The name of the source IP address group.
ipAddresses:
type: array
items:
type: string
description: Source IP addresses added to the group.
description:
type: string
description: The description of the source IP address group.
isNonEditable:
type: boolean
description: If set to true, the source IP address group is non-editable. This field is applicable only to predefined IP address groups, which cannot be modified.
description: IP group information.
NetworkApplicationGroup:
title: NetworkApplicationGroup
type: object
properties:
id:
type: integer
format: int32
name:
type: string
networkApplications:
type: array
items:
type: string
description: ''
description:
type: string
NetworkApplicationDom:
title: NetworkApplicationDom
type: object
properties:
id:
type: string
parentCategory:
$ref: '#/components/schemas/ParentCategory'
description:
type: string
deprecated:
type: boolean
default: false
NetworkServiceGroup:
title: NetworkServiceGroup
type: object
properties:
id:
type: integer
format: int32
name:
type: string
services:
type: array
items:
$ref: '#/components/schemas/NetworkService'
description: ''
description:
type: string
NetworkService:
title: NetworkService
type: object
properties:
id:
type: integer
format: int32
name:
type: string
tag:
type: string
srcTcpPorts:
type: array
items:
$ref: '#/components/schemas/PortRange'
description: ''
destTcpPorts:
type: array
items:
$ref: '#/components/schemas/PortRange'
description: ''
srcUdpPorts:
type: array
items:
$ref: '#/components/schemas/PortRange'
description: ''
destUdpPorts:
type: array
items:
$ref: '#/components/schemas/PortRange'
description: ''
type:
$ref: '#/components/schemas/Type5'
description:
type: string
isNameL10nTag:
type: boolean
default: false
TimeWindow:
title: TimeWindow
type: object
properties:
id:
type: integer
format: int32
name:
type: string
startTime:
type: integer
format: int32
endTime:
type: integer
format: int32
dayOfWeek:
type: array
items:
$ref: '#/components/schemas/DayOfWeek'
description: ''
PortRange:
title: PortRange
type: object
properties:
start:
type: integer
format: int32
end:
type: integer
format: int32
ForwardingRule:
title: ForwardingRule
required:
- name
- rank
- forwardMethod
type: object
properties:
id:
type: integer
description: A unique identifier assigned to the forwarding rule
format: int32
readOnly: true
name:
type: string
description: The name of the forwarding rule
type:
$ref: '#/components/schemas/Type6'
order:
type: integer
description: The order of execution for the forwarding rule order
format: int32
rank:
type: integer
description: Admin rank assigned to the forwarding rule
format: int32
locations:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the locations to which the forwarding rule applies. If not set, the rule is applied to all locations.
locationGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the location groups to which the forwarding rule applies
ecGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies
departments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the departments to which the forwarding rule applies. If not set, the rule applies to all departments.
groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the user groups to which the forwarding rule applies. If not set, the rule applies to all groups.
users:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the users to which the forwarding rule applies. If not set, user criteria is ignored during policy enforcement.
forwardMethod:
$ref: '#/components/schemas/ForwardMethod'
state:
$ref: '#/components/schemas/State2'
description:
type: string
description: Additional information about the forwarding rule
lastModifiedTime:
type: integer
description: Timestamp when the rule was last modified. This field is not applicable for POST or PUT request.
format: int32
readOnly: true
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
srcIps:
type: array
items:
type: string
description: User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
srcIpGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
Note: For organizations that have enabled IPv6, the srcIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
'
srcIpv6Groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
'
destAddresses:
type: array
items:
type: string
description: List of destination IP addresses or FQDNs for which the rule is applicable. CIDR notation can be used for destination IP addresses. If not set, the rule is not restricted to a specific destination addresses unless specified by destCountries, destIpGroups, or destIpCategories.
destIpCategories:
type: array
items:
type: string
description: List of destination IP categories to which the rule applies. If not set, the rule is not restricted to specific destination IP categories.
resCategories:
type: array
items:
type: string
description: List of destination domain categories to which the rule applies
destCountries:
type: array
items:
type: string
description: Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
destIpGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'User-defined destination IP address groups to which the rule is applied. If not set, the rule is not restricted to a specific destination IP address group.
Note: For organizations that have enabled IPv6, the destIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
'
destIpv6Groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
'
nwServices:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'User-defined network services to which the rule applies. If not set, the rule is not restricted to a specific network service.
Note: When the forwarding method is Proxy Chaining, only TCP-based network services are considered for policy match .
'
nwServiceGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: User-defined network service group to which the rule applies. If not set, the rule is not restricted to a specific network service group.
proxyGateway:
$ref: '#/components/schemas/ProxyGateway'
zpaAppSegments:
type: array
items:
$ref: '#/components/schemas/AppSegment'
description: The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
zpaApplicationSegments:
type: array
items:
$ref: '#/components/schemas/ZpaApplicationSegment'
description: List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector).
zpaApplicationSegmentGroups:
type: array
items:
$ref: '#/components/schemas/ZpaApplicationSegmentGroup'
description: List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector).
zpaGateway:
$ref: '#/components/schemas/ZpaGateway2'
zpaBrokerRule:
type: boolean
description: The predefined ZPA Broker Rule generated by Zscaler
readOnly: true
devices:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of devices for which the rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
labels:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Labels that are applicable to the rule
nwApplications:
type: array
items:
type: string
description: User-defined network service applications to which the rule applies. If not set, the rule is not restricted to a specific network service application.
nwApplicationGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: User-defined network service application groups to which the rule applied. If not set, the rule is not restricted to a specific network service application group.
timeWindows:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The time interval at which the forwarding rule applies
description: Forwarding rule information
ZpaGateway:
title: ZpaGateway
type: object
properties:
id:
type: integer
description: A unique identifier assigned to the ZPA gateway
format: int32
name:
type: string
description: The name of the ZPA gateway
zpaServerGroup:
$ref: '#/components/schemas/ZpaServerGroup'
zpaAppSegments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: All the Application Segments that are associated with the selected ZPA Server Group for which Source IP Anchoring is enabled
zpaTenantId:
type: integer
description: The ID of the ZPA tenant where Source IP Anchoring is configured
format: int64
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
lastModifiedTime:
type: integer
description: Timestamp when the ZPA gateway was last modified
format: int32
type:
$ref: '#/components/schemas/Type7'
description:
type: string
description: Additional details about the ZPA gateway
description: ZPA gateway information
AppSegment:
title: AppSegment
type: object
properties:
id:
type: integer
description: A unique identifier assigned to the Application Segment
format: int32
name:
type: string
description: The name of the Application Segment
externalId:
type: integer
description: Indicates the external ID. Applicable only when this reference is of an external entity.
format: int64
zpaTenantId:
type: integer
description: ID of the ZPA tenant where the Application Segment is configured
format: int64
description: Application Segment information
ZpaApplicationSegment:
title: ZpaApplicationSegment
type: object
properties:
id:
type: integer
description: A unique identifier assigned to the Application Segment
format: int32
name:
type: string
description: The name of the Application Segment
description:
type: string
description: Additional information about the Application Segment
zpaId:
type: integer
description: ID of the ZPA tenant where the Application Segment is configured
format: int64
deleted:
type: boolean
description: Indicates whether the ZPA Application Segment has been deleted
readOnly: true
description: Information about the ZPA Application Segment
ZpaApplicationSegmentGroup:
title: ZpaApplicationSegmentGroup
type: object
properties:
id:
type: integer
description: A unique identifier assigned to the Application Segment Group
format: int32
name:
type: string
description: The name of the Application Segment Group
zpaId:
type: integer
description: ID of the ZPA tenant where the Application Segment is configured
format: int64
deleted:
type: boolean
description: Indicates whether the ZPA Application Segment Group has been deleted
readOnly: true
zpaAppSegmentsCount:
type: integer
description: The number of ZPA Application Segments in the group
format: int32
description: Information about the Application Segment Group
IntermediateCaCertificate:
title: IntermediateCaCertificate
required:
- name
- type
type: object
properties:
id:
type: integer
description: Unique identifier for the intermediate CA certificate
format: int32
readOnly: true
name:
type: string
description: Name of the intermediate CA certificate
type:
$ref: '#/components/schemas/Type8'
region:
$ref: '#/components/schemas/Region'
status:
$ref: '#/components/schemas/Status3'
defaultCertificate:
type: boolean
description: If set to true, the intermediate CA certificate is the default intermediate certificate. Only one certificate can be marked as the default intermediate certificate at a time.
certStartDate:
type: integer
description: Start date of the intermediate CA certificate’s validity period
format: int64
readOnly: true
certExpDate:
type: integer
description: Expiration date of the intermediate CA certificate’s validity period
format: int64
readOnly: true
description:
type: string
description: Description for the intermediate CA certificate
currentState:
$ref: '#/components/schemas/CurrentState'
publicKey:
type: string
description: Public key in the HSM key pair generated for the intermediate CA certificate
readOnly: true
keyGenerationTime:
type: integer
description: Timestamp when the HSM key was generated
format: int32
readOnly: true
hsmAttestationVerifiedTime:
type: integer
description: Timestamp when the attestation for the HSM key was verified
format: int32
readOnly: true
csrFileName:
type: string
description: Certificate Signing Request (CSR) file name
readOnly: true
csrGenerationTime:
type: integer
description: Timestamp when the Certificate Signing Request (CSR) was generated
format: int32
readOnly: true
description: Intermediate CA certificate information.
CertSigningRequest:
title: CertSigningRequest
required:
- csrFileName
- commName
- orgName
- deptName
- city
- state
- country
type: object
properties:
certId:
type: integer
description: Unique identifier for the intermediate CA certificate
format: int32
readOnly: true
csrFileName:
type: string
description: Name of the CSR file
commName:
type: string
description: Common Name (CN) of your organization’s domain, such as zscaler.com
orgName:
type: string
description: Name of your organization or company
deptName:
type: string
description: Name of your department or division
city:
type: string
description: Name of the city or town where your organization is located
state:
type: string
description: State, province, region, or county where your organization is located
country:
type: string
keySize:
type: integer
description: 'Key size to be used in the encryption algorithm in bits. Default size: 2048 bits'
format: int32
readOnly: true
signatureAlgorithm:
$ref: '#/components/schemas/SignatureAlgorithm'
pathLengthConstraint:
type: integer
description: 'The path length constraint for the intermediate CA certificate. Default values: 0 for cloud HSM, 1 for software protection'
format: int32
readOnly: true
description: Certificate Signing Request (CSR) information. Required if your organization uses a custom intermediate root certificate for SSL inspection. After generating the CSR, download and send it to your trusted Certificate Authority (CA) to sign as a subordinate CA certificate or intermediate CA certificate.
CertCSR:
title: CertCSR
type: object
properties:
certId:
type: integer
description: Unique identifier for the intermediate CA certificate
format: int32
csrGenerationTime:
type: integer
description: Timestamp when the CSR was generated
format: int32
description: Certificate Signing Request (CSR) information.
HsmKey:
title: HsmKey
type: object
properties:
certId:
type: integer
description: Unique identifier for the intermediate CA certificate
format: int32
publicKey:
type: string
description: Public key in the HSM key pair generated for the intermediate CA certificate
keyGenerationTime:
type: integer
description: Timestamp when the HSM key was generated
format: int32
description: HSM key information.
HsmKeyAttestation:
title: HsmKeyAttestation
type: object
properties:
certId:
type: integer
description: Unique identifier for the intermediate CA certificate
format: int32
hsmAttestationVerifiedTime:
type: integer
description: Timestamp when the attestation for the HSM key was verified
format: int32
description: HSM key attestation verification information.
CustomCertificate:
title: CustomCertificate
required:
- certName
- commName
- orgName
- deptName
- city
- state
- country
type: object
properties:
sha1fingerprint:
type: string
description: Certificate SHA fingerprint, provided only in show cert
readOnly: true
validityInDays:
type: integer
description: Number of days of certificate validity, provided only in show cert
format: int32
readOnly: true
certName:
type: string
description: Certificate Name
commName:
type: string
description: Common Name
orgName:
type: string
description: Organization
deptName:
type: string
description: Department
city:
type: string
description: City
state:
type: string
description: State
country:
type: string
keySize:
type: integer
description: Key Size, by default set to 2048
format: int32
readOnly: true
signatureAlgorithm:
$ref: '#/components/schemas/SignatureAlgorithm1'
description: If your organization uses a custom intermediate root certificate for SSL inspection. Click Generate New CSR to open the Generate Certificate Signing Request window. Fill in the CSR request, and click Save. Then click Download CSR. Send this CSR to your CA for signing, and ensure it is signed as a Subordinate Certification Authority or Intermediate Certification Authority.
Urls:
title: Urls
type: object
properties:
urls:
type: array
items:
type: string
description: Domains or URLs which are exempted from SSL Inspection
IotItemInfo:
title: IotItemInfo
type: object
properties:
uuid:
type: string
description: The universally unique identifier (UUID) of the item.
name:
type: string
description: The name of the item.
parent_uuid:
type: string
description: 'The parent UUID of the item.
Note: This field is not applicable for the device types endpoint.
'
description: Information about the items.
IotDeviceInfo:
title: IotDeviceInfo
type: object
properties:
cloudName:
type: string
description: The Zscaler cloud on which your organization is provisioned.
customerId:
type: integer
description: The unique identifier for your organization.
format: int32
devices:
type: array
items:
$ref: '#/components/schemas/DeviceInfo'
description: A list of DeviceInfo objects.
description: Information about all discovered devices.
DeviceInfo:
title: DeviceInfo
type: object
properties:
locationId:
type: string
description: The location ID where the device resides.
deviceUuid:
type: string
description: The universally unique identifier (UUID) of the device identified by the Zscaler AI/ML.
ipAddress:
type: string
description: The IP address of the device.
deviceTypeUuid:
type: string
description: The UUID of the device type identified by the Zscaler AI/Ml.
autoLabel:
type: string
description: A label generated by the Zscaler AI/ML engine to describe the device's prominent characteristics.
classificationUuid:
type: string
description: The UUID for the device classification.
categoryUuid:
type: string
description: The UUID for the device category.
flowStartTime:
type: integer
description: The start timestamp at which Zscaler AI/ML engine starts evaluating the device's weblog records. It's noted in epoch seconds.
format: int32
flowEndTime:
type: integer
description: The end timestamp at which Zscaler AI/ML engine stops evaluating the device's weblog records. It's noted in epoch seconds.
format: int32
Location:
title: Location
required:
- name
type: object
properties:
id:
type: integer
description: Location ID.
format: int32
readOnly: true
name:
type: string
description: Location Name.
parentId:
type: integer
description: 'Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB'
format: int32
upBandwidth:
type: integer
description: Upload bandwidth in kbps. The value 0 implies no Bandwidth Control enforcement.
format: int32
dnBandwidth:
type: integer
description: Download bandwidth in kbps. The value 0 implies no Bandwidth Control enforcement.
format: int32
country:
type: string
tz:
type: string
city:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'Geolocation of the IoT device. It displays the name-ID pair for the location ("city" : { "id":"0", "name":"string" }).
For example, "city" : { "id":"2077963", "name":"Albany, Western Australia, Australia"}.
'
geoOverride:
type: boolean
description: If this field is set to true, the latitude and longitude values must be provided. By default, it's set to false.
latitude:
type: number
description: 'The value of latitude must be set to 7-digit precision after decimal point, ranging between -90 and 90 degrees.
Note: This field is mandatory if geoOverride is set to true.
'
longitude:
type: number
description: 'The value of longitude must be set to 7-digit precision after decimal point, ranging between -180 and 180 degrees.
Note: This field is mandatory if geoOverride is set to true.
'
ipAddresses:
type: array
items:
type: string
description: 'For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., 238.10.33.9).
For sublocations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g., 10.10.33.0/24), or range (e.g., 10.10.33.1-10.10.33.10)).
'
ports:
type: array
items:
type: integer
format: int32
description: IP ports that are associated with the location.
vpnCredentials:
type: array
items:
$ref: '#/components/schemas/VPNCredential'
description: VPN User Credentials that are associated with the location.
authRequired:
type: boolean
description: Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
default: false
sslScanEnabled:
type: boolean
description: This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Enable SSL Inspection. Set to true in order to apply your SSL Inspection policy to HTTPS traffic in the location and inspect HTTPS transactions for data leakage, malicious content, and viruses. To learn more, see Deploying SSL Inspection
default: false
zappSSLScanEnabled:
type: boolean
description: This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting takes effect, irrespective of the SSL policy that is configured for the location. To learn more, see Configuring SSL Inspection for Zscaler App
default: false
xffForwardEnabled:
type: boolean
description: Enable XFF Forwarding for a location. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
Note: For sublocations, this attribute is a read-only field as the value is inherited from the parent location.
default: false
otherSubLocation:
type: boolean
description: If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other and it can be renamed, if required.
other6SubLocation:
type: boolean
description: If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
surrogateIP:
type: boolean
description: Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses. To learn more, see About Surrogate IP.
default: false
idleTimeInMinutes:
type: integer
description: Idle Time to Disassociation. The user mapping idle time (in minutes) is required if a Surrogate IP is enabled.
format: int32
displayTimeUnit:
$ref: '#/components/schemas/DisplayTimeUnit'
surrogateIPEnforcedForKnownBrowsers:
type: boolean
description: Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers. To learn more, see About Surrogate IP
default: false
surrogateRefreshTimeInMinutes:
type: integer
description: Refresh Time for re-validation of Surrogacy. The surrogate refresh time (in minutes) to re-validate the IP surrogates.
format: int32
surrogateRefreshTimeUnit:
$ref: '#/components/schemas/SurrogateRefreshTimeUnit'
ofwEnabled:
type: boolean
description: Enable Firewall. When set to true, Firewall is enabled for the location.
default: false
ipsControl:
type: boolean
description: Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
default: false
aupEnabled:
type: boolean
description: Enable AUP. When set to true, AUP is enabled for the location. To learn more, see About End User Notifications
default: false
cautionEnabled:
type: boolean
description: Enable Caution. When set to true, a caution notifcation is enabled for the location. To learn more, see Configuring the Caution Notification
default: false
aupBlockInternetUntilAccepted:
type: boolean
description: For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
default: false
aupForceSslInspection:
type: boolean
description: For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler forces SSL Inspection in order to enforce AUP for HTTPS traffic.
default: false
ipv6Enabled:
type: boolean
description: If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
ipv6Dns64Prefix:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true. To learn more, see About the DNS64 Prefix.
Before you can configure a DNS64 prefix, you must send a GET request to /ipv6config/nat64prefix to retrieve the IDs of NAT64 prefixes, which can be configured as the DNS64 prefix.
iotDiscoveryEnabled:
type: boolean
description: If this field is set to true, IoT discovery is enabled for this location.
aupTimeoutInDays:
type: integer
description: Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
format: int32
managedBy:
allOf:
- $ref: '#/components/schemas/ManagedBy'
- {}
readOnly: true
profile:
$ref: '#/components/schemas/Profile'
description:
type: string
description: Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
description: Location and sub-location information.
IdListInteger:
title: IdListInteger
type: object
properties:
ids:
type: array
items:
type: integer
format: int32
description: ''
LocationLite:
title: LocationLite
required:
- name
type: object
properties:
id:
type: integer
description: Location ID
format: int32
readOnly: true
name:
type: string
description: Location Name
parentId:
type: integer
description: 'Parent Location ID. If this ID does not exist or is 0, it is implied that it is a parent location. Otherwise, it is a sub-location whose parent has this ID. x-applicableTo: SUB'
format: int32
tz:
type: string
xffForwardEnabled:
type: boolean
description: Enable XFF Forwarding for a location. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
Note: For sublocations, this attribute is a read-only field as the value is inherited from the parent location.
aupEnabled:
type: boolean
description: Enable AUP. When set to true, AUP is enabled for the location. To learn more, see About End User Notifications
cautionEnabled:
type: boolean
description: Enable Caution. When set to true, a caution notifcation is enabled for the location. To learn more, see Configuring the Caution Notification
aupBlockInternetUntilAccepted:
type: boolean
description: For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
aupForceSslInspection:
type: boolean
description: For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler forces SSL Inspection in order to enforce AUP for HTTPS traffic.
surrogateIP:
type: boolean
description: Enable Surrogate IP. When set to true, users are mapped to internal device IP addresses. To learn more, see About Surrogate IP.
surrogateIPEnforcedForKnownBrowsers:
type: boolean
description: Enforce Surrogate IP for Known Browsers. When set to true, IP Surrogate is enforced for all known browsers. To learn more, see About Surrogate IP
otherSubLocation:
type: boolean
description: If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other and it can be renamed, if required.
other6SubLocation:
type: boolean
description: If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sublocations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
ofwEnabled:
type: boolean
description: Enable Firewall. When set to true, Firewall is enabled for the location.
ipsControl:
type: boolean
description: Enable IPS Control. When set to true, IPS Control is enabled for the location if Firewall is enabled.
zappSslScanEnabled:
type: boolean
description: This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
Enable Zscaler App SSL Setting. When set to true, the Zscaler App SSL Scan Setting takes effect, irrespective of the SSL policy that is configured for the location. To learn more, see Configuring SSL Inspection for Zscaler App
ipv6Enabled:
type: boolean
description: If set to true, IPv6 is enabled for the location and IPv6 traffic from the location can be forwarded to the Zscaler service to enforce security policies.
description: Location and sub-location information based on a limited number of fields.
LocationGroup:
title: LocationGroup
required:
- name
type: object
properties:
id:
type: integer
description: Unique identifier for the location group
format: int32
readOnly: true
name:
type: string
description: Location group name
deleted:
type: boolean
description: Indicates the location group was deleted
readOnly: true
groupType:
$ref: '#/components/schemas/GroupType1'
dynamicLocationGroupCriteria:
$ref: '#/components/schemas/DynamicLocationGroupCriteria2'
locations:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of the locations that are assigned to the static location group. This is ignored if the groupType is Dynamic.
comments:
type: string
description: Additional information about the location group
lastModUser:
$ref: '#/components/schemas/LastModUser'
lastModTime:
type: integer
description: Automatically populated with the current time, after a successful POST or PUT request.
format: int32
readOnly: true
predefined:
type: boolean
description: Location group information.
VPNCredential:
title: VPNCredential
required:
- type
type: object
properties:
id:
type: integer
description: VPN credential id
format: int32
readOnly: true
type:
$ref: '#/components/schemas/Type9'
fqdn:
type: string
description: Fully Qualified Domain Name. Applicable only to UFQDN or XAUTH (or HOSTED_MOBILE_USERS) auth type.
ipAddress:
type: string
description: Static IP address for VPN that is self-provisioned or provisioned by Zscaler. This is a required field for IP auth type and is not applicable to other auth types.
Note: If you want Zscaler to provision static IP addresses for your organization, contact Zscaler Support.
preSharedKey:
type: string
description: Pre-shared key. This is a required field for UFQDN and IP auth type.
comments:
type: string
description: Additional information about this VPN credential.
location:
allOf:
- $ref: '#/components/schemas/Location1'
- {}
readOnly: true
managedBy:
allOf:
- $ref: '#/components/schemas/ManagedBy'
- {}
readOnly: true
description: >-
VPN is one way to route traffic from customer locations to the cloud. Site-to-site IPSec VPN credentials can be identified by the cloud through one of the following methods:
1. Common Name (CN) of IPSec Certificate
2. VPN User FQDN - requires VPN_SITE_TO_SITE subscription
3. VPN IP Address - requires VPN_SITE_TO_SITE subscription
4. Extended Authentication (XAUTH) or hosted mobile UserID - requires VPN_MOBILE subscription
Notes:
IPs must be created in Static IP first
CN type (certificate) is created automatically, when a CN is provisioned by Zscaler.
The 'psk' field is not applicable for this VPN type.
The most common type is UFQDN.
DynamicLocationGroupCriteria:
title: DynamicLocationGroupCriteria
type: object
properties:
name:
$ref: '#/components/schemas/StringFilter'
countries:
type: array
items:
type: string
description: One or more countries from a predefined set
city:
$ref: '#/components/schemas/StringFilter'
managedBy:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: One or more values from a predefined set of SD-WAN partner list to display partner names.
enforceAuthentication:
type: boolean
description: Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
enforceAup:
type: boolean
description: Enable AUP. When set to true, AUP is enabled for the location.
enforceFirewallControl:
type: boolean
description: Enable Firewall. When set to true, Firewall is enabled for the location.
enableXffForwarding:
type: boolean
description: Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
enableCaution:
type: boolean
description: Enable Caution. When set to true, a caution notifcation is enabled for the location.
enableBandwidthControl:
type: boolean
description: Enable Bandwidth Control. When set to true, Bandwidth Control is enabled for the location.
profiles:
type: array
items:
$ref: '#/components/schemas/Profile1'
description: One or more location profiles from a predefined set
description: Dynamic location group information.
StringFilter:
title: StringFilter
type: object
properties:
matchString:
type: string
description: String value to be matched or partially matched
matchType:
$ref: '#/components/schemas/MatchType'
RuleLabel:
title: RuleLabel
type: object
properties:
id:
type: integer
description: The unique identifier for the rule label.
format: int32
name:
type: string
description: The rule label name.
description:
type: string
description: The rule label description.
lastModifiedTime:
type: integer
description: Timestamp when the rule lable was last modified. This is a read-only field. Ignored by PUT and DELETE requests.
format: int32
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
createdBy:
$ref: '#/components/schemas/CreatedBy'
referencedRuleCount:
type: integer
description: The number of rules that reference the label.
format: int32
description: Rule label information.
BaAdvancedSettings:
title: BaAdvancedSettings
type: object
properties:
fileHashesToBeBlocked:
type: array
items:
type: string
description: A custom list of unique MD5 file hashes that must be blocked by Sandbox. A maximum of 10000 MD5 file hashes can be blocked.
description: Advanced Sandbox Settings
CustomFileHashQuota:
title: CustomFileHashQuota
type: object
properties:
blockedFileHashesCount:
type: integer
description: The number of unique MD5 file hashes that are blocked by Sandbox.
format: int32
readOnly: true
remainingFileHashes:
type: integer
description: Unused quota for blocking MD5 file hashes.
format: int32
readOnly: true
description: Used and unused quota for blocking MD5 file hashes.
CloudApplication:
title: CloudApplication
type: object
properties:
sanctionedState:
$ref: '#/components/schemas/SanctionedState'
applicationIds:
type: array
items:
type: integer
format: int32
description: The list of cloud application IDs for which the status (sanctioned or unsanctioned) and tags have to be updated
customTags:
type: array
items:
$ref: '#/components/schemas/CustomTag'
description: The list of custom tags that must be assigned to the cloud applications
description: Cloud application information
NamedItem:
title: NamedItem
type: object
properties:
id:
type: integer
description: Unique identifier of the cloud application
format: int32
name:
type: string
description: The name of the cloud application
CustomTag:
title: CustomTag
type: object
properties:
id:
type: integer
description: Unique identifier of the custom tag
format: int32
name:
type: string
description: The name of the custom tag
description: Name-ID information of custom tags
ShadowITApplicationRequest:
title: ShadowITApplicationRequest
type: object
properties:
duration:
$ref: '#/components/schemas/Duration'
application:
type: array
items:
type: string
description: List of Applications.
appName:
type: string
description: Application name Filter
order:
$ref: '#/components/schemas/Order'
applicationCategory:
type: array
items:
type: string
description: Application name Filter
dataConsumed:
type: array
items:
$ref: '#/components/schemas/RangeLong'
description: ''
riskIndex:
type: array
items:
type: number
description: Risk Index Filter
sanctionedState:
type: array
items:
$ref: '#/components/schemas/SanctionedState1'
description: Application Status Filter
employees:
type: array
items:
$ref: '#/components/schemas/Employee'
description: Employees Count Filter
supportedCertifications:
$ref: '#/components/schemas/IncludeExcludeMultiFilterOperationVendorComplianceID'
sourceIpRestriction:
type: array
items:
$ref: '#/components/schemas/SourceIpRestriction'
description: Source IP Restrictions Filter
mfaSupport:
type: array
items:
$ref: '#/components/schemas/MfaSupport'
description: MFA Support Filter
adminAuditLogs:
type: array
items:
$ref: '#/components/schemas/AdminAuditLog'
description: Admin Audit Logs Filter
hadBreachInLast3Years:
type: array
items:
$ref: '#/components/schemas/HadBreachInLast3Year'
description: Data Breaches in Last 3 Years Filter
havePoorItemsOfService:
type: array
items:
$ref: '#/components/schemas/HavePoorItemsOfService'
description: Poor Terms of Service Filter
passwordStrength:
type: array
items:
$ref: '#/components/schemas/PasswordStrength'
description: Password Strength Filter
sslPinned:
type: array
items:
$ref: '#/components/schemas/SslPinned'
description: SSL Pinned Filter
evasive:
type: array
items:
$ref: '#/components/schemas/Evasive'
description: Evasive Filter
haveHTTPSecurityHeaderSupport:
type: array
items:
$ref: '#/components/schemas/HaveHTTPSecurityHeaderSupport'
description: HTTP Security Header Support Filter
dnsCAAPolicy:
type: array
items:
$ref: '#/components/schemas/DnsCAAPolicy'
description: DNS CAA Policy Filter
haveWeakCipherSupport:
type: array
items:
$ref: '#/components/schemas/HaveWeakCipherSupport'
description: Weak Cipher Support Filter
sslCertificationValidity:
type: array
items:
$ref: '#/components/schemas/SslCertificationValidity'
description: SSL Certification Validity Filter
malwareScanningContent:
type: array
items:
$ref: '#/components/schemas/MalwareScanningContent'
description: Malware Scanning Content Filter
fileSharing:
type: array
items:
$ref: '#/components/schemas/FileSharing'
description: File Sharing Filter
remoteAccessScreenSharing:
type: array
items:
$ref: '#/components/schemas/RemoteAccessScreenSharing'
description: Remote Access Screen Sharing Filter
senderPolicyFramework:
type: array
items:
$ref: '#/components/schemas/SenderPolicyFramework'
description: Sender Policy Framework Filter
domainKeysIdentifiedMail:
type: array
items:
$ref: '#/components/schemas/DomainKeysIdentifiedMail'
description: DomainKeys Identified Mail Filter
domainBasedMessageAuthentication:
type: array
items:
$ref: '#/components/schemas/DomainBasedMessageAuthentication'
description: Domain-Based Message Authentication Filter
vulnerableDisclosureProgram:
type: array
items:
$ref: '#/components/schemas/VulnerableDisclosureProgram'
description: Vulnerability Disclosure Policy Filter
wafSupport:
type: array
items:
$ref: '#/components/schemas/WafSupport'
description: Support for WAF Filter
vulnerability:
type: array
items:
$ref: '#/components/schemas/Vulnerability'
description: Published CVE Vulnerability Filter
validSSLCertificate:
type: array
items:
$ref: '#/components/schemas/ValidSSLCertificate'
description: Valid SSL Certificate Filter
dataEncryptionInTransit:
type: array
items:
$ref: '#/components/schemas/DataEncryptionInTransit'
description: Data Encryption in Transit Filter
vulnerableToHeartBleed:
type: array
items:
$ref: '#/components/schemas/VulnerableToHeartBleed'
description: Vulnerable to Heart Bleed Filter
vulnerableToPoodle:
type: array
items:
$ref: '#/components/schemas/VulnerableToPoodle'
description: Vulnerable to Poodle Filter
vulnerableToLogJam:
type: array
items:
$ref: '#/components/schemas/VulnerableToLogJam'
description: Vulnerable to Logjam Filter
certKeySize:
$ref: '#/components/schemas/IncludeExcludeMultiFilterOperationCertKeySize'
ShadowITRequest:
title: ShadowITRequest
type: object
properties:
duration:
$ref: '#/components/schemas/Duration'
application:
type: array
items:
type: string
description: Applications filter
order:
$ref: '#/components/schemas/Order'
downloadBytes:
type: array
items:
$ref: '#/components/schemas/RangeLong'
description: Download Bytes Filter
uploadBytes:
type: array
items:
$ref: '#/components/schemas/RangeLong'
description: Upload Bytes Filter
dataConsumed:
type: array
items:
$ref: '#/components/schemas/RangeLong'
description: ''
users:
type: array
items:
$ref: '#/components/schemas/EntityIdName'
description: Users Filter
locations:
type: array
items:
$ref: '#/components/schemas/EntityIdName'
description: Locations Filter
departments:
type: array
items:
$ref: '#/components/schemas/EntityIdName'
description: Department Filter
Order:
title: Order
type: object
properties:
on:
$ref: '#/components/schemas/On'
by:
$ref: '#/components/schemas/By'
RangeLong:
title: RangeLong
type: object
properties:
min:
type: integer
format: int64
max:
type: integer
format: int64
IncludeExcludeMultiFilterOperationVendorComplianceID:
title: IncludeExcludeMultiFilterOperationVendorComplianceID
type: object
properties:
operation:
$ref: '#/components/schemas/Operation'
value:
type: array
items:
$ref: '#/components/schemas/Value'
description: ''
IncludeExcludeMultiFilterOperationCertKeySize:
title: IncludeExcludeMultiFilterOperationCertKeySize
type: object
properties:
operation:
$ref: '#/components/schemas/Operation'
value:
type: array
items:
$ref: '#/components/schemas/Value1'
description: ''
EntityIdName:
title: EntityIdName
type: object
properties:
id:
type: integer
format: int32
pid:
type: integer
format: int32
name:
type: string
description:
type: string
deleted:
type: boolean
getlId:
type: integer
format: int64
GreTunnel:
title: GreTunnel
type: object
properties:
id:
type: integer
description: Unique identifier of the static IP address that is associated to a GRE tunnel
format: int32
readOnly: true
sourceIp:
type: string
description: The source IP address of the GRE tunnel. This is typically a static IP address in the organization or SD-WAN. This IP address must be provisioned within the Zscaler service using the /staticIP endpoint.
primaryDestVip:
$ref: '#/components/schemas/PrimaryDestVip'
secondaryDestVip:
$ref: '#/components/schemas/SecondaryDestVip'
internalIpRange:
type: string
description: The start of the internal IP address in /29 CIDR range
managedBy:
allOf:
- $ref: '#/components/schemas/ManagedBy'
- {}
readOnly: true
lastModificationTime:
type: integer
description: When the GRE tunnel information was last modified
format: int32
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
withinCountry:
type: boolean
description: Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP address
comment:
type: string
description: Additional information about this GRE tunnel
ipUnnumbered:
type: boolean
description: This is required to support the automated SD-WAN provisioning of GRE tunnels, when set to true gre_tun_ip and gre_tun_id are set to null
subcloud:
type: string
description: Restrict the data center virtual IP addresses (VIPs) only to those part of the subcloud
description: GRE tunnel information
GreTunnelIPRange:
title: GreTunnelIPRange
type: object
properties:
startIPAddress:
type: string
description: Starting IP address in the range
endIPAddress:
type: string
description: Ending IP address in the range
IPv6Configuration:
title: IPv6Configuration
type: object
properties:
ipV6Enabled:
type: boolean
description: If set to true, IPv6 support is enabled for your organization. You can forward IPv6 traffic to the Zscaler service and enforce security policies. If set to false, IPv6 support is disabled for your organization.
natPrefixes:
type: array
items:
$ref: '#/components/schemas/IPv6PrefixMask'
description: NAT64 prefix information.
dnsPrefix:
type: array
items:
$ref: '#/components/schemas/IPv6PrefixMask'
description: DNS64 prefix information.
description: IPv6 configuration details.
IPv6PrefixMask:
title: IPv6PrefixMask
type: object
properties:
id:
type: integer
description: A unique identifier for the NAT64 prefix.
format: int32
name:
type: string
description: The name of the NAT64 prefix.
description:
type: string
description: The description of the NAT64 prefix.
prefixMask:
type: string
description: The subnet mask for the NAT64 prefix.
dnsPrefix:
type: boolean
description: Indicates whether or not this NAT64 prefix is the DNS64 prefix.
nonEditable:
type: boolean
description: Indicates whether or not this NAT64 prefix is editable.
description: NAT64/DNS64 prefix information.
IpDetails:
title: IpDetails
type: object
properties:
ipAddress:
type: string
greEnabled:
type: boolean
default: false
greTunnelIP:
type: string
primaryGW:
type: string
secondaryGW:
type: string
tunID:
type: integer
format: int32
greRangePrimary:
type: string
greRangeSecondary:
type: string
RegionInfo:
title: RegionInfo
type: object
properties:
cityGeoId:
type: integer
description: The geographical ID of the city
format: int32
stateGeoId:
type: integer
description: The geographical ID of the state
format: int32
latitude:
type: number
description: The latitude coordinate of the city
longitude:
type: number
description: The longitude coordinate of the city
cityName:
type: string
description: The name of the city
stateName:
type: string
description: The name of the state, province, or territory of a country
countryName:
type: string
description: The name of the country
countryCode:
type: string
description: The ISO standard two-letter country code
postalCode:
type: string
description: The postal code
continentCode:
type: string
description: The ISO standard two-letter continent code
description: Information about a region or a city
StaticIP:
title: StaticIP
required:
- latitude
- longitude
type: object
properties:
id:
type: integer
description: The unique identifier for the static IP address
format: int32
readOnly: true
ipAddress:
type: string
description: The static IP address
geoOverride:
type: boolean
description: If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided.
latitude:
type: number
description: Required only if the geoOverride attribute is set. Latitude with 7 digit precision after decimal point, ranges between -90 and 90 degrees.
longitude:
type: number
description: Required only if the geoOverride attribute is set. Longitude with 7 digit precision after decimal point, ranges between -180 and 180 degrees.
routableIP:
type: boolean
description: Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization.
managedBy:
$ref: '#/components/schemas/ManagedBy'
lastModificationTime:
type: integer
description: When the static IP address was last modified
format: int32
readOnly: true
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
comment:
type: string
description: Additional information about this static IP address
description: Static IP address information
PublicNode:
title: PublicNode
type: object
properties:
cloudName:
type: string
description: The Zscaler cloud name.
region:
type: string
description: The region.
country:
type: string
description: The country.
city:
type: string
description: The city.
dataCenter:
type: string
description: Data center name.
location:
type: string
description: The location coordinates.
vpnIps:
type: array
items:
type: string
description: The VPN IP addresses.
vpnDomainName:
type: string
description: The VPN server domain name.
greIps:
type: array
items:
type: string
description: The GRE IP addresses.
greDomainName:
type: string
description: The proxy host name.
pacIps:
type: array
items:
type: string
description: The PAC IP addresses.
pacDomainName:
type: string
description: The PAC server domain name.
svpnIps:
type: array
items:
type: string
description: The PAC IP addresses.
svpnDomainName:
type: string
description: The PAC server domain name.
description: Public node details
DatacenterVips:
title: DatacenterVips
type: object
properties:
datacenter:
$ref: '#/components/schemas/Datacenter2'
greVips:
type: array
items:
$ref: '#/components/schemas/GreVirtualIp'
description: GRE cluster virtual IP addresses (VIPs).
description: GRE cluster virtual IP addresses (VIPs) that belong to a Zscaler data center.
GreVirtualIp:
title: GreVirtualIp
type: object
properties:
id:
type: integer
description: Unique identifer of the GRE virtual IP address (VIP)
format: int32
virtualIp:
type: string
description: GRE cluster virtual IP address (VIP)
privateServiceEdge:
type: boolean
description: Set to true if the virtual IP address (VIP) is a ZIA Private Service Edge
readOnly: true
datacenter:
type: string
description: Data center information
readOnly: true
description: GRE cluster virtual IP address (VIP) and data center information
Datacenter:
title: Datacenter
type: object
properties:
datacenter:
type: string
description: Zscaler data center name.
readOnly: true
description: Zscaler data center information.
UrlFilteringRule:
title: UrlFilteringRule
required:
- name
type: object
properties:
id:
type: integer
description: URL Filtering Rule ID
format: int32
name:
type: string
description: Rule Name
order:
type: integer
description: Order of execution of rule with respect to other URL Filtering rules
format: int32
protocols:
type: array
items:
$ref: '#/components/schemas/Protocol1'
description: Protocol criteria
locations:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of locations for which rule must be applied
groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of groups for which rule must be applied
departments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of departments for which rule must be applied
users:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of users for which rule must be applied
urlCategories:
type: array
items:
type: string
description: List of URL categories for which rule must be applied
state:
$ref: '#/components/schemas/State3'
timeWindows:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of time interval during which rule must be enforced.
workloadGroups:
type: array
items:
$ref: '#/components/schemas/WorkloadGroup'
description: The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups.
rank:
type: integer
description: Admin rank of the admin who creates this rule
format: int32
requestMethods:
type: array
items:
$ref: '#/components/schemas/RequestMethod'
description: Request method for which the rule must be applied. If not set, rule is applied to all methods
endUserNotificationUrl:
type: string
description: URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified.
overrideUsers:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of users for which this rule can be overridden. Applicable only if blockOverride is set to 'true', action is 'BLOCK' and overrideGroups is not set.If this overrideUsers is not set, 'BLOCK' action can be overridden for any user.
overrideGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of groups for which this rule can be overridden. Applicable only if blockOverride is set to 'true' and action is 'BLOCK'. If this overrideGroups is not set, 'BLOCK' action can be overridden for any group.
blockOverride:
type: boolean
description: When set to true, a 'BLOCK' action triggered by the rule could be overridden. If true and both overrideGroup and overrideUsers are not set, the BLOCK triggered by this rule could be overridden for any users. If blockOverride is not set, 'BLOCK' action cannot be overridden.
default: false
timeQuota:
type: integer
description: Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
format: int32
sizeQuota:
type: integer
description: Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
format: int32
description:
type: string
description: Additional information about the URL Filtering rule
locationGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the location groups to which the rule must be applied.
labels:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The URL Filtering rule's label. Rule labels allow you to logically group your organization's policy rules. Policy rules that are not associated with a rule label are grouped under the Untagged label.
validityStartTime:
type: integer
description: If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
format: int32
validityEndTime:
type: integer
description: If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
format: int32
validityTimeZoneId:
type: string
description: If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID.
lastModifiedTime:
type: integer
description: When the rule was last modified
format: int32
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
enforceTimeValidity:
type: boolean
description: Enforce a set a validity time period for the URL Filtering rule. To learn more, see Configuring the URL Filtering Policy.
devices:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of devices for which rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceTrustLevels:
type: array
items:
$ref: '#/components/schemas/DeviceTrustLevel'
description: List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
action:
$ref: '#/components/schemas/Action4'
cbiProfile:
$ref: '#/components/schemas/CbiProfile'
ciparule:
type: boolean
description: If set to true, the CIPA Compliance rule is enabled
default: false
description: URL Filtering Rule
AccessControl:
title: AccessControl
enum:
- NONE
- READ_ONLY
- READ_WRITE
type: string
description: The access privilege for this DLP policy rule based on the admin's state.
Action:
title: Action
enum:
- PHRASE_COUNT_TYPE_UNIQUE
- PHRASE_COUNT_TYPE_ALL
type: string
description: The action applied to a DLP dictionary using phrases
Action1:
title: Action1
enum:
- PATTERN_COUNT_TYPE_ALL
- PATTERN_COUNT_TYPE_UNIQUE
type: string
description: The action applied to a DLP dictionary using patterns
Action2:
title: Action2
enum:
- ANY
- NONE
- BLOCK
- ALLOW
- ICAP_RESPONSE
type: string
description: The action taken when traffic matches the DLP policy rule criteria.
Action3:
title: Action3
enum:
- ALLOW
- BLOCK_DROP
- BLOCK_RESET
- BLOCK_ICMP
- EVAL_NWAPP
type: string
description: The action the Firewall Filtering policy rule takes when packets match the rule
Action4:
title: Action4
enum:
- BLOCK
- CAUTION
- ALLOW
- ISOLATE
- ICAP_RESPONSE
type: string
description: 'Action taken when traffic matches rule criteria.
Note: The ISOLATE action is available only if Cloud Browser Isolation is enabled for your organization. To learn more, see Configuring the URL Filtering Policy.
'
action5:
title: action5
enum:
- ADD_TO_LIST
- REMOVE_FROM_LIST
type: string
AdminAcctAccess:
title: AdminAcctAccess
enum:
- NONE|READ_WRITE
type: string
description: Admin and role management access permission.
AdminAuditLog:
title: AdminAuditLog
enum:
- YES
- NO
- UNKNOWN
type: string
AnalysisAccess:
title: AnalysisAccess
enum:
- NONE|READ_ONLY
type: string
description: Insights logs access permission.
By:
title: By
enum:
- INCREASING
- DECREASING
type: string
ConfidenceThreshold:
title: ConfidenceThreshold
enum:
- CONFIDENCE_LEVEL_LOW
- CONFIDENCE_LEVEL_MEDIUM
- CONFIDENCE_LEVEL_HIGH
type: string
description: The DLP confidence threshold
CurrentState:
title: CurrentState
enum:
- GENERAL_DONE
- KEYGEN_DONE
- PUBKEY_DONE
- ATTESTATION_DONE
- ATTESTATION_VERIFY_DONE
- CSRGEN_DONE
- INTCERT_UPLOAD_DONE
- CERTCHAIN_UPLOAD_DONE
- CERT_READY
type: string
description: Tracks the progress of the intermediate CA certificate in the configuration workflow
CustomPhraseMatchType:
title: CustomPhraseMatchType
enum:
- MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY
- MATCH_ANY_CUSTOM_PHRASE_PATTERN_DICTIONARY
type: string
description: The DLP custom phrase match type
DashboardAccess:
title: DashboardAccess
enum:
- NONE|READ_ONLY
type: string
description: Dashboard access permission.
DataEncryptionInTransit:
title: DataEncryptionInTransit
enum:
- YES
- NO
- UNKNOWN
type: string
DayOfWeek:
title: DayOfWeek
enum:
- ANY
- NONE
- EVERYDAY
- SUN
- MON
- TUE
- WED
- THU
- FRI
- SAT
type: string
DeviceGroupType:
title: DeviceGroupType
enum:
- ZCC_OS
- NON_ZCC
- CBI
type: string
description: The device group type.
DeviceTrustLevel:
title: DeviceTrustLevel
enum:
- ANY
- UNKNOWN_DEVICETRUSTLEVEL
- LOW_TRUST
- MEDIUM_TRUST
- HIGH_TRUST
type: string
DictionaryType:
title: DictionaryType
enum:
- PATTERNS_AND_PHRASES
- EXACT_DATA_MATCH
- INDEXED_DATA_MATCH
type: string
description: The DLP dictionary type.
DisplayTimeUnit:
title: DisplayTimeUnit
enum:
- MINUTE
- HOUR
- DAY
type: string
description: Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
DnsCAAPolicy:
title: DnsCAAPolicy
enum:
- YES
- NO
- UNKNOWN
type: string
DomainBasedMessageAuthentication:
title: DomainBasedMessageAuthentication
enum:
- YES
- NO
- UNKNOWN
type: string
DomainKeysIdentifiedMail:
title: DomainKeysIdentifiedMail
enum:
- YES
- NO
- UNKNOWN
type: string
Duration:
title: Duration
enum:
- LAST_1_DAYS
- LAST_7_DAYS
- LAST_15_DAYS
- LAST_MONTH
- LAST_QUARTER
type: string
description: Report Duration
Employee:
title: Employee
enum:
- NONE
- RANGE_1_100
- RANGE_100_1000
- RANGE_1000_10000
- RANGE_10000_INF
type: string
entity:
title: entity
enum:
- USER
- LOCATION
type: string
Evasive:
title: Evasive
enum:
- YES
- NO
- UNKNOWN
type: string
excludeType:
title: excludeType
enum:
- DSTN_IP
- DSTN_FQDN
- DSTN_DOMAIN
- DSTN_OTHER
type: string
FileSharing:
title: FileSharing
enum:
- YES
- NO
- UNKNOWN
type: string
FileUploadStatus:
title: FileUploadStatus
enum:
- ADP_SCHEMA_CREATED
- ADP_FILE_PROCESSING
- ADP_FILE_UPLOAD_COMPLETED
- ADP_FILE_VALIDATION_FAILURE
- ADP_FILE_DELETE_FAILURE
- ADP_MD5_CONVERSION_FAILURE
- ADP_FILE_UPLOAD_ERROR
- ADP_RESERVE_CELLS_ERROR
- ADP_GENERIC_ERROR
- ADP_CDSSDLP_COMM_FAIL
- ADP_CDSSDLP_REJECT
- ADP_FILE_UPLOAD_ABORTED
- FAIL
- ADP_FILE_UPLOAD_IN_PROGRESS
- ADP_FILE_BUCKET_COLLISION
- ADP_FILE_PRIM_KEY_DUPLICATE
type: string
description: The status of the EDM template's CSV file upload to the Index Tool. This attribute is required by PUT and POST requests.
ForwardMethod:
title: ForwardMethod
enum:
- INVALID
- DIRECT
- PROXYCHAIN
- ZIA
- ZPA
- ECZPA
- ECSELF
- DROP
type: string
description: The type of traffic forwarding method selected from the available options
GroupType:
title: GroupType
enum:
- ZCC_OS
- NON_ZCC
- CBI
type: string
description: The device group type.
GroupType1:
title: GroupType1
enum:
- STATIC_GROUP
- DYNAMIC_GROUP
type: string
description: The location group's type (i.e., Static or Dynamic)
HadBreachInLast3Year:
title: HadBreachInLast3Year
enum:
- YES
- NO
- UNKNOWN
type: string
HaveHTTPSecurityHeaderSupport:
title: HaveHTTPSecurityHeaderSupport
enum:
- YES
- NO
- UNKNOWN
type: string
HavePoorItemsOfService:
title: HavePoorItemsOfService
enum:
- YES
- NO
- UNKNOWN
type: string
HaveWeakCipherSupport:
title: HaveWeakCipherSupport
enum:
- YES
- NO
- UNKNOWN
type: string
include:
title: include
enum:
- all
- private
- public
type: string
LogsLimit:
title: LogsLimit
enum:
- UNRESTRICTED
- MONTH_1
- MONTH_2
- MONTH_3
- MONTH_4
- MONTH_5
- MONTH_6
type: string
description: Log range limit.
MalwareScanningContent:
title: MalwareScanningContent
enum:
- YES
- NO
- UNKNOWN
type: string
MatchAccuracy:
title: MatchAccuracy
enum:
- LOW
- MEDIUM
- HEAVY
type: string
description: The IDM template match accuracy.
MatchType:
title: MatchType
enum:
- CONTAINS
- EQUALS
- STARTS_WITH
- ENDS_WITH
type: string
description: Operator that performs match action
MfaSupport:
title: MfaSupport
enum:
- YES
- NO
- UNKNOWN
type: string
On:
title: On
enum:
- RISK_SCORE
- APPLICATION
- APPLICATION_CATEGORY
- SANCTIONED_STATE
- TOTAL_BYTES
- UPLOAD_BYTES
- DOWNLOAD_BYTES
- AUTHENTICATED_USERS
- TRANSACTION_COUNT
- UNAUTH_LOCATION
- LAST_ACCESSED
type: string
Operation:
title: Operation
enum:
- INCLUDE
- EXCLUDE
type: string
Operator:
title: Operator
enum:
- AND
- OR
- OPEN_PARENTHESES
- CLOSE_PARENTHESES
type: string
description: The operator (either AND or OR) used to create logical relationships among tag types
Operator1:
title: Operator1
enum:
- AND
- OR
- OPEN_PARENTHESES
- CLOSE_PARENTHESES
type: string
description: The logical operator (either AND or OR) used to combine the tags within a tag type
OsType:
title: OsType
enum:
- ANY
- OTHER_OS
- IOS
- ANDROID_OS
- WINDOWS_OS
- MAC_OS
- LINUX
type: string
description: The operating system (OS).
osType1:
title: osType1
enum:
- ANY
- OTHER_OS
- IOS
- ANDROID_OS
- WINDOWS_OS
- MAC_OS
- LINUX
type: string
ParentCategory:
title: ParentCategory
enum:
- ANY
- NONE
- WEBMAIL
- SOCIAL
- INSTANT_MESSAGING
- P2P
- STREAMING
- WEBSEARCH
- MALWARE
- IMAGEHOST
- CLOUDINT
- ENTERPRISE
- BUSINESS
- MAPPSTORE
- UNCATEGORIZED
- GAMING
- NETWORK_MGMT
- AUTHENTICATION
- APP_SERVICE
- TUNNELING
- FILE_SERVER_TRANSER
- DATABASE
- CONFERENCE
- REMOTE
- MOBILE
- WEB
- INDETERMINATE
- NETWORK_SERVICE
- OFWBYPASS
type: string
PasswordStrength:
title: PasswordStrength
enum:
- YES
- NO
- UNKNOWN
type: string
PolicyAccess:
title: PolicyAccess
enum:
- NONE|READ_ONLY|READ_WRITE
type: string
description: Policy access permission.
PredefinedCountActionType:
title: PredefinedCountActionType
enum:
- PHRASE_COUNT_TYPE_UNIQUE
- PHRASE_COUNT_TYPE_ALL
type: string
description: 'This field specifies whether duplicate matches of a phrase from a dictionary must be counted individually toward the match count or ignored, thereby maintaining a single count for multiple occurrences.
Note: This field is currently applicable only to the predefined Names dictionaries, such as Names (US), Names (Canada), and Names (Spain).
'
Profile:
title: Profile
enum:
- NONE
- CORPORATE
- SERVER
- GUESTWIFI
- IOT
type: string
description: >-
(Optional) Profile tag that specifies the location traffic type. If not specified, this tag is automatically set to best possible value using certain criteria.
The criteria used for setting best possible value is as follows:
- When invoked with a partner API key, it automatically sets the profile attribute to CORPORATE.
- When invoked using public API, it automatically sets the profile attribute based on the following criteria:
- If the location has authentication enabled, then it sets profile to CORPORATE.
- If the location has authentication disabled and name contains "guest", then it sets profile to GUESTWIFI.
- For all other locations with authentication disabled, it sets profile to SERVER.
Profile1:
title: Profile1
enum:
- NONE
- CORPORATE
- SERVER
- GUESTWIFI
- IOT
type: string
ProfileType:
title: ProfileType
enum:
- LOCAL
- REMOTECRON
- REMOTE
type: string
description: The IDM template's type.
Protocol:
title: Protocol
enum:
- ANY_RULE
- FTP_RULE
- HTTPS_RULE
- HTTP_RULE
type: string
Protocol1:
title: Protocol1
enum:
- SMRULEF_ZPA_BROKERS_RULE
- ANY_RULE
- TCP_RULE
- UDP_RULE
- DOHTTPS_RULE
- TUNNELSSL_RULE
- HTTP_PROXY
- FOHTTP_RULE
- FTP_RULE
- HTTPS_RULE
- HTTP_RULE
- SSL_RULE
- TUNNEL_RULE
type: string
protocol2:
title: protocol2
enum:
- ICMP
- TCP
- UDP
- GRE
- ESP
- OTHER
type: string
Region:
title: Region
enum:
- GLOBAL
- ASIA
- EUROPE
- US
type: string
description: Location of the HSM resources. Required for custom intermediate CA certificates with cloud HSM protection.
RemoteAccessScreenSharing:
title: RemoteAccessScreenSharing
enum:
- YES
- NO
- UNKNOWN
type: string
ReportAccess:
title: ReportAccess
enum:
- NONE|READ_ONLY|READ_WRITE
type: string
description: Report access permission.
RequestMethod:
title: RequestMethod
enum:
- OPTIONS
- GET
- HEAD
- POST
- PUT
- DELETE
- TRACE
- CONNECT
- OTHER
type: string
RoleType:
title: RoleType
enum:
- ORG_ADMIN|EXEC_INSIGHT|EXEC_INSIGHT_AND_ORG_ADMIN|SDWAN
type: string
description: The admin role type. ()This attribute is subject to change.)
SanctionedState:
title: SanctionedState
enum:
- UN_SANCTIONED
- SANCTIONED
- ANY
type: string
description: The cloud application status that indicates whether it is sanctioned or unsanctioned
SanctionedState1:
title: SanctionedState1
enum:
- UN_SANCTIONED
- SANCTIONED
- ANY
type: string
ScheduleDayOfWeek:
title: ScheduleDayOfWeek
enum:
- SUN
- MON
- TUE
- WED
- THU
- FRI
- SAT
type: string
ScheduleType:
title: ScheduleType
enum:
- NONE
- MONTHLY
- WEEKLY
- DAILY
type: string
description: The schedule type for the EDM schema (i.e., EDM template), Monthly, Weekly, Daily, or None. This attribute is required by PUT and POST requests.
ScheduleType1:
title: ScheduleType1
enum:
- NONE
- MONTHLY
- WEEKLY
- DAILY
type: string
description: The schedule type for the IDM template's schedule (i.e., Monthly, Weekly, Daily, or None). This attribute is required by PUT and POST requests.
SecondaryFieldMatchOn:
title: SecondaryFieldMatchOn
enum:
- MATCHON_NONE
- MATCHON_ANY_1
- MATCHON_ANY_2
- MATCHON_ANY_3
- MATCHON_ANY_4
- MATCHON_ANY_5
- MATCHON_ANY_6
- MATCHON_ANY_7
- MATCHON_ANY_8
- MATCHON_ANY_9
- MATCHON_ANY_10
- MATCHON_ANY_11
- MATCHON_ANY_12
- MATCHON_ANY_13
- MATCHON_ANY_14
- MATCHON_ANY_15
- MATCHON_ALL
type: string
description: The EDM secondary field to match on.
SenderPolicyFramework:
title: SenderPolicyFramework
enum:
- YES
- NO
- UNKNOWN
type: string
Severity:
title: Severity
enum:
- RULE_SEVERITY_HIGH
- RULE_SEVERITY_MEDIUM
- RULE_SEVERITY_LOW
- RULE_SEVERITY_INFO
type: string
description: Indicates the severity selected for the DLP rule violation
SignatureAlgorithm:
title: SignatureAlgorithm
enum:
- SHA256
type: string
description: 'Signature algorithm to be used for generating intermediate CA certificate. Default value: SHA256'
SignatureAlgorithm1:
title: SignatureAlgorithm1
enum:
- SHA_1
- SHA_256
type: string
description: Signature Algorithm
SourceIpRestriction:
title: SourceIpRestriction
enum:
- YES
- NO
- UNKNOWN
type: string
SslCertificationValidity:
title: SslCertificationValidity
enum:
- YES
- NO
- UNKNOWN
type: string
SslPinned:
title: SslPinned
enum:
- YES
- NO
- UNKNOWN
type: string
State:
title: State
enum:
- DISABLED
- ENABLED
type: string
description: Enables or disables the DLP policy rule.
State1:
title: State1
enum:
- DISABLED
- ENABLED
type: string
description: Determines whether the Firewall Filtering policy rule is enabled or disabled
State2:
title: State2
enum:
- DISABLED
- ENABLED
type: string
description: Indicates whether the forwarding rule is enabled or disabled
State3:
title: State3
enum:
- DISABLED
- ENABLED
type: string
description: Rule State
Status:
title: Status
enum:
- ENABLED
- DISABLED
type: string
description: The DLP server status
Status1:
title: Status1
enum:
- ENABLED
- DISABLED
- DISABLED_BY_SERVICE_PROVIDER
- NOT_PROVISIONED_IN_SERVICE_PROVIDER
type: string
description: The status of the Incident Receiver.
Status2:
title: Status2
enum:
- INIT
- EXECUTING
- COMPLETE
- CANCELLED
- ERRORED
- VALIDATING
- STOP
type: string
description: Status of running task
Status3:
title: Status3
enum:
- ENABLED
- DISABLED
type: string
description: Determines whether the intermediate CA certificate is enabled or disabled for SSL inspection. Subscription to cloud HSM protection allows a maximum of four active certificates for SSL inspection at a time, whereas software protection subscription allows only one active certificate.
SurrogateRefreshTimeUnit:
title: SurrogateRefreshTimeUnit
enum:
- MINUTE
- HOUR
- DAY
type: string
description: Display Refresh Time Unit. The time unit to display for refresh time for re-validation of surrogacy.
TagType:
title: TagType
enum:
- ANY
- VPC
- SUBNET
- VM
- ENI
- ATTR
type: string
description: The tag type selected from a predefined list
ThresholdType:
title: ThresholdType
enum:
- VIOLATION_COUNT_ONLY
- CONFIDENCE_SCORE_ONLY
- VIOLATION_AND_CONFIDENCE
type: string
description: DLP threshold type
Type:
title: Type
enum:
- ORGANIZATION
- DEPARTMENT
- LOCATION
- LOCATION_GROUP
type: string
description: The admin scope type. The attribute name is subject to change.
Type1:
title: Type1
enum:
- SUPERADMIN
- ADMIN
- AUDITOR
- GUEST
- REPORT_USER
- UNAUTH_TRAFFIC_DEFAULT
type: string
description: User type. Provided only if this user is not an end user.
Type3:
title: Type3
enum:
- DSTN_IP
- DSTN_FQDN
- DSTN_DOMAIN
- DSTN_OTHER
type: string
description: Destination IP group type (i.e., the group can contain destination IP addresses or FQDNs)
Type5:
title: Type5
enum:
- STANDARD
- PREDEFINED
- CUSTOM
type: string
Type6:
title: Type6
enum:
- FIREWALL
- DNS
- DNAT
- SNAT
- FORWARDING
- INTRUSION_PREVENTION
- EC_DNS
- EC_RDR
- EC_SELF
- DNS_RESPONSE
type: string
description: The rule type selected from the available options
Type7:
title: Type7
enum:
- ZPA
- ECZPA
type: string
description: Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA)
Type8:
title: Type8
enum:
- ZSCALER
- CUSTOM_SW
- CUSTOM_HSM
type: string
description: 'Type of the intermediate CA certificate. Available types: Zscaler’s intermediate CA certificate (provided by Zscaler), custom intermediate certificate with software protection, and custom intermediate certificate with cloud HSM protection.
'
Type9:
title: Type9
enum:
- CN
- IP
- UFQDN
- XAUTH
type: string
description: VPN authentication type (i.e., how the VPN credential is sent to the server). It is not modifiable after VpnCredential is created.
Note: Zscaler no longer supports adding a new XAUTH VPN credential, but existing entries can be edited or deleted using the respective endpoints.
type10:
title: type10
enum:
- DSTN_IP
- DSTN_FQDN
- DSTN_DOMAIN
- DSTN_OTHER
type: string
type12:
title: type12
enum:
- CN
- IP
- UFQDN
- XAUTH
type: string
UploadStatus:
title: UploadStatus
enum:
- IDM_PROF_CREATED
- IDM_PROF_PROCESSING
- IDM_PROF_UPLOAD_COMPLETED
- IDM_PROF_VALIDATION_FAILURE
- IDM_PROF_DEL_FAILURE
- IDM_PROF_MD5_CONVERSION_FAILURE
- IDM_PROF_UPLOAD_ERROR
- IDM_PROF_RESV_CRED_ERROR
- IDM_PROF_GENERIC_ERROR
- IDM_PROF_CDSSDLP_COMM_FAIL
- IDM_PROF_CDSSDLP_REJECT
- IDM_PROF_UPLOAD_ABORTED
- FAIL
type: string
description: The status of the file uploaded to the Index Tool for the IDM template.
UsernameAccess:
title: UsernameAccess
enum:
- NONE|READ_ONLY
type: string
description: Username access permission. When set to NONE, the username is obfuscated.
ValidSSLCertificate:
title: ValidSSLCertificate
enum:
- YES
- NO
- UNKNOWN
type: string
Value:
title: Value
enum:
- NONE
- CSA_STAR
- ISO_27001
- HIPAA
- FISMA
- FEDRAMP
- SOC2
- ISO_27018
- PCI_DSS
- ISO_27017
- SOC1
- SOC3
- GDPR
- CCPA
- FERPA
- COPPA
- HITECH
- EU_US_SWISS_PRIVACY_SHIELD
- EU_US_PRIVACY_SHIELD_FRAMEWORK
- CISP
- AICPA
- FIPS
- SAFE_BIOPHARMA
- ISAE_3000
- SSAE_18
- NIST
- ISO_14001
- SOC
- TRUSTE
- ISO_26262
- ISO_20252
- RGPD
- ISO_20243
- ISO_10002
- JIS_Q_15001_2017
- ISMAP
type: string
Value1:
title: Value1
enum:
- NONE
- UN_KNOWN
- BITS_2048
- BITS_256
- BITS_3072
- BITS_384
- BITS_4096
- BITS_1024
type: string
VulnerableDisclosureProgram:
title: VulnerableDisclosureProgram
enum:
- YES
- NO
- UNKNOWN
type: string
VulnerableToHeartBleed:
title: VulnerableToHeartBleed
enum:
- YES
- NO
- UNKNOWN
type: string
VulnerableToLogJam:
title: VulnerableToLogJam
enum:
- YES
- NO
- UNKNOWN
type: string
VulnerableToPoodle:
title: VulnerableToPoodle
enum:
- YES
- NO
- UNKNOWN
type: string
WafSupport:
title: WafSupport
enum:
- YES
- NO
- UNKNOWN
type: string
action51:
title: action51
enum:
- ADD_TO_LIST
- REMOVE_FROM_LIST
type: string
description: The action applied to the exempted URLs list (i.e., adding a URL or removing a URL).
AdminScope2:
title: AdminScope2
type: object
properties:
scopeGroupMemberEntities:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Only applicable for the LOCATION_GROUP admin scope type, in which case this attribute gives the list of ID/name pairs of locations within the location group. The attribute name is subject to change.
Type:
$ref: '#/components/schemas/Type'
ScopeEntities:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Based on the admin scope type, the entities can be the ID/name pair of departments, locations, or location groups. The attribute name is subject to change.
AdpIdmProfile:
title: AdpIdmProfile
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
Auditor:
title: Auditor
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
CbiProfile:
title: CbiProfile
type: object
properties:
id:
type: string
description: The universally unique identifier (UUID) for the browser isolation profile
name:
type: string
description: Name of the browser isolation profile
url:
type: string
description: The browser isolation profile URL
defaultProfile:
type: boolean
description: (Optional) Indicates whether this is a default browser isolation profile. Zscaler sets this field.
ClientVm:
title: ClientVm
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
Content-Type:
title: Content-Type
enum:
- application/json
type: string
CreatedBy:
title: CreatedBy
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
Datacenter2:
title: Datacenter2
type: object
properties:
datacenter:
type: string
description: Zscaler data center name.
readOnly: true
DlpDictionariesRequest:
title: DlpDictionariesRequest
type: object
properties:
id:
type: integer
description: Unique identifier for the DLP dictionary
format: int32
readOnly: true
name:
type: string
description: The DLP dictionary's name
description:
type: string
description: The description of the DLP dictionary
confidenceThreshold:
$ref: '#/components/schemas/ConfidenceThreshold'
predefinedCountActionType:
$ref: '#/components/schemas/PredefinedCountActionType'
dictionaryCloningEnabled:
type: boolean
description: A Boolean constant that indicates that the cloning option is supported for the DLP dictionary using the true value. This field is applicable only to predefined DLP dictionaries.
readOnly: true
proximityEnabledForCustomDictionary:
type: boolean
description: 'A Boolean constant that indicates if proximity length is enabled or disabled for a custom DLP dictionary. A true value indicates that proximity length is enabled, whereas a false value indicates that it is disabled.
Note: This field is applicable only for specific custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option. For predefined DLP dictionaries, this field value is always set to false.
'
phrases:
type: array
items:
$ref: '#/components/schemas/DictionaryPhraseActionString'
description: List containing the phrases used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries.
customPhraseMatchType:
$ref: '#/components/schemas/CustomPhraseMatchType'
customPhraseSupported:
type: boolean
description: A Boolean constant that indicates that custom phrases are supported for the DLP dictionary using the true value. This field is applicable only to predefined DLP dictionaries with a high confidence score threshold.
readOnly: true
patterns:
type: array
items:
$ref: '#/components/schemas/DictionaryPatternActionString'
description: List containing the patterns used within a custom DLP dictionary. This attribute is not applicable to predefined DLP dictionaries
nameL10nTag:
type: boolean
description: Indicates whether the name is localized or not. This is always set to True for predefined DLP dictionaries.
readOnly: true
thresholdType:
allOf:
- $ref: '#/components/schemas/ThresholdType'
- {}
readOnly: true
dictionaryType:
$ref: '#/components/schemas/DictionaryType'
exactDataMatchDetails:
type: array
items:
$ref: '#/components/schemas/ExactDataMatchDetail'
description: Exact Data Match (EDM) related information for custom DLP dictionaries.
hierarchicalDictionary:
type: boolean
description: A true value indicates that the DLP dictionary is of hierarchical type that includes sub-dictionaries. A false value indicates that the dictionary is not hierarchical.
readOnly: true
hierarchicalIdentifiers:
type: array
items:
type: string
description: 'The list of identifiers selected within a DLP dictionary of hierarchical type. Each identifier represents a sub-dictionary that consists of specific patterns. To retrieve the list of identifiers that are available for selection within a specific hierarchical dictionary, send a GET request to /dlpDictionaries/{dictId}/predefinedIdentifiers.
To learn about hierarchical dictionaries, see Configuring the URL Filtering Policy.
Note: This field is applicable to predefined hierarchical dictionaries, such as the Driver’s License (United States), Passport Number (European Union), and Credentials and Secrets dictionaries or their clones.
'
idmProfileMatchAccuracy:
type: array
items:
$ref: '#/components/schemas/IdmProfileMatchAccuracyDetail'
description: List of Indexed Document Match (IDM) profiles and their corresponding match accuracy for custom DLP dictionaries.
ignoreExactMatchIdmDict:
type: boolean
description: Indicates whether to exclude documents that are a 100% match to already-indexed documents from triggering an Indexed Document Match (IDM) Dictionary.
includeBinNumbers:
type: boolean
description: 'A true value denotes that the specified Bank Identification Number (BIN) values are included in the Credit Cards dictionary. A false value denotes that the specified BIN values are excluded from the Credit Cards dictionary.
Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.
'
binNumbers:
type: array
items:
type: integer
format: int32
description: 'The list of Bank Identification Number (BIN) values that are included or excluded from the Credit Cards dictionary. BIN values can be specified only for Diners Club, Mastercard, RuPay, and Visa cards. Up to 512 BIN values can be configured in a dictionary.
Note: This field is applicable only to the predefined Credit Cards dictionary and its clones.
'
dictTemplateId:
type: integer
description: ID of the predefined dictionary (original source dictionary) that is used for cloning. This field is applicable only to cloned dictionaries. Only a limited set of identification-based predefined dictionaries (e.g., Credit Cards, Social Security Numbers, National Identification Numbers, etc.) can be cloned. Up to 4 clones can be created from a predefined dictionary.
format: int32
predefinedClone:
type: boolean
description: This field is set to true if the dictionary is cloned from a predefined dictionary. Otherwise, it is set to false.
readOnly: true
proximity:
type: integer
description: 'The DLP dictionary proximity length that defines how close a high confidence phrase must be to an instance of the pattern (that the dictionary detects) to count as a match.
Note: Proximity length is supported only for specific predefined DLP dictionaries with a high confidence score threshold and custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option.
'
format: int32
custom:
type: boolean
description: This value is set to true for custom DLP dictionaries.
readOnly: true
proximityLengthEnabled:
type: boolean
description: 'A Boolean constant that indicates whether the proximity length option is supported for a DLP dictionary or not. A true value indicates that the proximity length option is supported, whereas a false value indicates that it is not supported.
Note: Proximity length is supported only for specific predefined DLP dictionaries with a high confidence score threshold and custom DLP dictionaries configured with the Match Any Patterns And Any Phrases option.
'
readOnly: true
DlpEnginesRequest:
title: DlpEnginesRequest
type: object
properties:
id:
type: integer
description: The unique identifier for the DLP engine.
format: int32
name:
type: string
description: The DLP engine name as configured by the admin. This attribute is required in POST and PUT requests for custom DLP engines.
predefinedEngineName:
type: string
description: The name of the predefined DLP engine.
readOnly: true
engineExpression:
type: string
description: The logical expression that defines a DLP engine by combining DLP dictionaries using logical operators, namely All (AND), Any (OR), Exclude (NOT), and Sum (the total number of content matches). To learn more about DLP engine expressions, see Understanding DLP Engines.
Engine expression examples:
((D63.S > 1))((D38.S > 1) AND (D63.S > 1))((D38.S > 1) OR (D63.S > 1))((D38.S > 0) AND ( NOT ( (D61.S > 0) ) )(SUM(D63.S, D38.S) > 3)
In the preceding examples, 63 represents the ID of the Credit Cards dictionary ID, 61 is the Financial Statements ID, and 38 is the ABA Bank Routing Numbers dictionary ID. Each dictionary ID is wrapped around by a prefix (D) and a suffix (.S).
customDlpEngine:
type: boolean
description: Indicates whether this is a custom DLP engine. If this value is set to true, the engine is custom.
description:
type: string
description: The DLP engine's description.
DynamicLocationGroupCriteria2:
title: DynamicLocationGroupCriteria2
type: object
properties:
name:
$ref: '#/components/schemas/StringFilter'
countries:
type: array
items:
type: string
description: One or more countries from a predefined set
city:
$ref: '#/components/schemas/StringFilter'
managedBy:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: One or more values from a predefined set of SD-WAN partner list to display partner names.
enforceAuthentication:
type: boolean
description: Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
enforceAup:
type: boolean
description: Enable AUP. When set to true, AUP is enabled for the location.
enforceFirewallControl:
type: boolean
description: Enable Firewall. When set to true, Firewall is enabled for the location.
enableXffForwarding:
type: boolean
description: Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
enableCaution:
type: boolean
description: Enable Caution. When set to true, a caution notifcation is enabled for the location.
enableBandwidthControl:
type: boolean
description: Enable Bandwidth Control. When set to true, Bandwidth Control is enabled for the location.
profiles:
type: array
items:
$ref: '#/components/schemas/Profile1'
description: One or more location profiles from a predefined set
EdmClient:
title: EdmClient
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
entity1:
title: entity1
enum:
- USER
- LOCATION
type: string
description: Indicates whether the Shadow IT Report must be generated to retrieve the list of users who have interacted with a cloud application or the known locations where the cloud application is accessed
EventlogEntryReportRequest:
title: EventlogEntryReportRequest
type: object
properties:
startTime:
type: integer
description: Start time for event log entry
format: int64
endTime:
type: integer
description: End time for event log entry
format: int64
page:
type: integer
description: Specifies the page offset
format: int32
pageSize:
type: integer
description: Specifies the page size
format: int32
category:
type: string
description: Filters the list based on the category of event log entries
subcategories:
type: array
items:
type: string
description: Filters the list based on the subcategories within a category of event log entries
actionResult:
type: string
description: Filters the list based on the outcome of the events recorded
message:
type: string
description: The search string used to match against the event log message
errorCode:
type: string
description: The search string used to match against the error code in event log entries
statusCode:
type: string
description: The search string used to match against the status code in event log entries
excludeType1:
title: excludeType1
enum:
- DSTN_IP
- DSTN_FQDN
- DSTN_DOMAIN
- DSTN_OTHER
type: string
description: Filter based on the IP destination group's type.
excludeType2:
title: excludeType2
enum:
- DSTN_IP
- DSTN_FQDN
- DSTN_DOMAIN
- DSTN_OTHER
type: string
description: Specifies a destination group type to exclude the corresponding groups from the list.
excludeType3:
title: excludeType3
enum:
- DSTN_IP
- DSTN_FQDN
- DSTN_DOMAIN
- DSTN_OTHER
type: string
description: Specifies a destination group type to exclude the corresponding groups from the list type.
excludeType4:
title: excludeType4
enum:
- DSTN_IP
- DSTN_FQDN
- DSTN_DOMAIN
- DSTN_OTHER
type: string
description: Exclude from list based on the IP destination group's type.
force1:
title: force1
enum:
- '0'
- '1'
type: string
description: Submit file to sandbox even if found malicious during AV scan and a verdict already exists.
ForwardingRulesRequest:
title: ForwardingRulesRequest
required:
- name
- rank
- forwardMethod
type: object
properties:
id:
type: integer
description: A unique identifier assigned to the forwarding rule
format: int32
readOnly: true
name:
type: string
description: The name of the forwarding rule
type:
$ref: '#/components/schemas/Type6'
order:
type: integer
description: The order of execution for the forwarding rule order
format: int32
rank:
type: integer
description: Admin rank assigned to the forwarding rule
format: int32
locations:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the locations to which the forwarding rule applies. If not set, the rule is applied to all locations.
locationGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the location groups to which the forwarding rule applies
ecGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the Zscaler Cloud Connector groups to which the forwarding rule applies
departments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the departments to which the forwarding rule applies. If not set, the rule applies to all departments.
groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the user groups to which the forwarding rule applies. If not set, the rule applies to all groups.
users:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the users to which the forwarding rule applies. If not set, user criteria is ignored during policy enforcement.
forwardMethod:
$ref: '#/components/schemas/ForwardMethod'
state:
$ref: '#/components/schemas/State2'
description:
type: string
description: Additional information about the forwarding rule
lastModifiedTime:
type: integer
description: Timestamp when the rule was last modified. This field is not applicable for POST or PUT request.
format: int32
readOnly: true
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
srcIps:
type: array
items:
type: string
description: User-defined source IP addresses for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address.
srcIpGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'Source IP address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IP address group.
Note: For organizations that have enabled IPv6, the srcIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
'
srcIpv6Groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'Source IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
'
destAddresses:
type: array
items:
type: string
description: List of destination IP addresses or FQDNs for which the rule is applicable. CIDR notation can be used for destination IP addresses. If not set, the rule is not restricted to a specific destination addresses unless specified by destCountries, destIpGroups, or destIpCategories.
destIpCategories:
type: array
items:
type: string
description: List of destination IP categories to which the rule applies. If not set, the rule is not restricted to specific destination IP categories.
resCategories:
type: array
items:
type: string
description: List of destination domain categories to which the rule applies
destCountries:
type: array
items:
type: string
description: Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
destIpGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'User-defined destination IP address groups to which the rule is applied. If not set, the rule is not restricted to a specific destination IP address group.
Note: For organizations that have enabled IPv6, the destIpv6Groups field lists the IPv6 source address groups for which the rule is applicable.
'
destIpv6Groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'Destination IPv6 address groups for which the rule is applicable. If not set, the rule is not restricted to a specific source IPv6 address group.
Note: User-defined groups for IPv6 addresses are currently not supported.
'
nwServices:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: 'User-defined network services to which the rule applies. If not set, the rule is not restricted to a specific network service.
Note: When the forwarding method is Proxy Chaining, only TCP-based network services are considered for policy match .
'
nwServiceGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: User-defined network service group to which the rule applies. If not set, the rule is not restricted to a specific network service group.
proxyGateway:
$ref: '#/components/schemas/ProxyGateway'
zpaAppSegments:
type: array
items:
$ref: '#/components/schemas/AppSegment'
description: The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method.
zpaApplicationSegments:
type: array
items:
$ref: '#/components/schemas/ZpaApplicationSegment'
description: List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector).
zpaApplicationSegmentGroups:
type: array
items:
$ref: '#/components/schemas/ZpaApplicationSegmentGroup'
description: List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector).
zpaGateway:
$ref: '#/components/schemas/ZpaGateway2'
zpaBrokerRule:
type: boolean
description: The predefined ZPA Broker Rule generated by Zscaler
readOnly: true
devices:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of devices for which the rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
labels:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Labels that are applicable to the rule
nwApplications:
type: array
items:
type: string
description: User-defined network service applications to which the rule applies. If not set, the rule is not restricted to a specific network service application.
nwApplicationGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: User-defined network service application groups to which the rule applied. If not set, the rule is not restricted to a specific network service application group.
timeWindows:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The time interval at which the forwarding rule applies
GreTunnelsRequest:
title: GreTunnelsRequest
type: object
properties:
id:
type: integer
description: Unique identifier of the static IP address that is associated to a GRE tunnel
format: int32
readOnly: true
sourceIp:
type: string
description: The source IP address of the GRE tunnel. This is typically a static IP address in the organization or SD-WAN. This IP address must be provisioned within the Zscaler service using the /staticIP endpoint.
primaryDestVip:
$ref: '#/components/schemas/PrimaryDestVip'
secondaryDestVip:
$ref: '#/components/schemas/SecondaryDestVip'
internalIpRange:
type: string
description: The start of the internal IP address in /29 CIDR range
managedBy:
allOf:
- $ref: '#/components/schemas/ManagedBy'
- {}
readOnly: true
lastModificationTime:
type: integer
description: When the GRE tunnel information was last modified
format: int32
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
withinCountry:
type: boolean
description: Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP address
comment:
type: string
description: Additional information about this GRE tunnel
ipUnnumbered:
type: boolean
description: This is required to support the automated SD-WAN provisioning of GRE tunnels, when set to true gre_tun_ip and gre_tun_id are set to null
subcloud:
type: string
description: Restrict the data center virtual IP addresses (VIPs) only to those part of the subcloud
IcapServer1:
title: IcapServer1
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
IdmClient:
title: IdmClient
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
include1:
title: include1
enum:
- all
- private
- public
type: string
description: Include all, private, or public VIPs in the list.
IntermediateCaCertificateGenerateCsrRequest:
title: IntermediateCaCertificateGenerateCsrRequest
required:
- csrFileName
- commName
- orgName
- deptName
- city
- state
- country
type: object
properties:
certId:
type: integer
description: Unique identifier for the intermediate CA certificate
format: int32
readOnly: true
csrFileName:
type: string
description: Name of the CSR file
commName:
type: string
description: Common Name (CN) of your organization’s domain, such as zscaler.com
orgName:
type: string
description: Name of your organization or company
deptName:
type: string
description: Name of your department or division
city:
type: string
description: Name of the city or town where your organization is located
state:
type: string
description: State, province, region, or county where your organization is located
country:
type: string
keySize:
type: integer
description: 'Key size to be used in the encryption algorithm in bits. Default size: 2048 bits'
format: int32
readOnly: true
signatureAlgorithm:
$ref: '#/components/schemas/SignatureAlgorithm'
pathLengthConstraint:
type: integer
description: 'The path length constraint for the intermediate CA certificate. Default values: 0 for cloud HSM, 1 for software protection'
format: int32
readOnly: true
IntermediateCaCertificateRequest:
title: IntermediateCaCertificateRequest
required:
- name
- type
type: object
properties:
id:
type: integer
description: Unique identifier for the intermediate CA certificate
format: int32
readOnly: true
name:
type: string
description: Name of the intermediate CA certificate
type:
$ref: '#/components/schemas/Type8'
region:
$ref: '#/components/schemas/Region'
status:
$ref: '#/components/schemas/Status3'
defaultCertificate:
type: boolean
description: If set to true, the intermediate CA certificate is the default intermediate certificate. Only one certificate can be marked as the default intermediate certificate at a time.
certStartDate:
type: integer
description: Start date of the intermediate CA certificate’s validity period
format: int64
readOnly: true
certExpDate:
type: integer
description: Expiration date of the intermediate CA certificate’s validity period
format: int64
readOnly: true
description:
type: string
description: Description for the intermediate CA certificate
currentState:
$ref: '#/components/schemas/CurrentState'
publicKey:
type: string
description: Public key in the HSM key pair generated for the intermediate CA certificate
readOnly: true
keyGenerationTime:
type: integer
description: Timestamp when the HSM key was generated
format: int32
readOnly: true
hsmAttestationVerifiedTime:
type: integer
description: Timestamp when the attestation for the HSM key was verified
format: int32
readOnly: true
csrFileName:
type: string
description: Certificate Signing Request (CSR) file name
readOnly: true
csrGenerationTime:
type: integer
description: Timestamp when the Certificate Signing Request (CSR) was generated
format: int32
readOnly: true
LastModifiedBy:
title: LastModifiedBy
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
LastModUser:
title: LastModUser
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
Location1:
title: Location1
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
ManagedBy:
title: ManagedBy
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
ModifiedBy:
title: ModifiedBy
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
NotificationTemplate:
title: NotificationTemplate
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
osType11:
title: osType11
enum:
- ANY
- OTHER_OS
- IOS
- ANDROID_OS
- WINDOWS_OS
- MAC_OS
- LINUX
type: string
description: The device's operating system.
PrimaryDestVip:
title: PrimaryDestVip
type: object
properties:
id:
type: integer
description: Unique identifer of the GRE virtual IP address (VIP)
format: int32
virtualIp:
type: string
description: GRE cluster virtual IP address (VIP)
privateServiceEdge:
type: boolean
description: Set to true if the virtual IP address (VIP) is a ZIA Private Service Edge
readOnly: true
datacenter:
type: string
description: Data center information
readOnly: true
protocol21:
title: protocol21
enum:
- ICMP
- TCP
- UDP
- GRE
- ESP
- OTHER
type: string
description: Filter based on the network service protocol.
ProxyGateway:
title: ProxyGateway
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
Role:
title: Role
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
Schedule:
title: Schedule
type: object
properties:
scheduleType:
$ref: '#/components/schemas/ScheduleType'
scheduleDayOfMonth:
type: array
items:
type: string
description: The day of the month the EDM schema (i.e., EDM template) is scheduled for. This attribute is required by PUT and POST requests, and if the scheduleType is set to MONTHLY.
scheduleDayOfWeek:
type: array
items:
$ref: '#/components/schemas/ScheduleDayOfWeek'
description: The day of the week the EDM schema (i.e., EDM template) is scheduled for. This attribute is required by PUT and POST requests, and if the scheduleType is set to WEEKLY.
scheduleTime:
type: integer
description: 'The time of the day (in minutes) that the EDM schema (i.e., EDM template) is scheduled for. For example: at 3am= 180 mins. This attribute is required by PUT and POST requests.'
format: int32
scheduleDisabled:
type: boolean
description: If set to true, the schedule for the EDM schema (i.e., EDM template) is temporarily in a disabled state. This attribute is required by PUT requests in order to disable or enable a schedule.
Schema:
title: Schema
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
SecondaryDestVip:
title: SecondaryDestVip
type: object
properties:
id:
type: integer
description: Unique identifer of the GRE virtual IP address (VIP)
format: int32
virtualIp:
type: string
description: GRE cluster virtual IP address (VIP)
privateServiceEdge:
type: boolean
description: Set to true if the virtual IP address (VIP) is a ZIA Private Service Edge
readOnly: true
datacenter:
type: string
description: Data center information
readOnly: true
StaticIPRequest:
title: StaticIPRequest
required:
- latitude
- longitude
type: object
properties:
id:
type: integer
description: The unique identifier for the static IP address
format: int32
readOnly: true
ipAddress:
type: string
description: The static IP address
geoOverride:
type: boolean
description: If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided.
latitude:
type: number
description: Required only if the geoOverride attribute is set. Latitude with 7 digit precision after decimal point, ranges between -90 and 90 degrees.
longitude:
type: number
description: Required only if the geoOverride attribute is set. Longitude with 7 digit precision after decimal point, ranges between -180 and 180 degrees.
routableIP:
type: boolean
description: Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization.
managedBy:
$ref: '#/components/schemas/ManagedBy'
lastModificationTime:
type: integer
description: When the static IP address was last modified
format: int32
readOnly: true
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
comment:
type: string
description: Additional information about this static IP address
StaticIPValidateRequest:
title: StaticIPValidateRequest
required:
- latitude
- longitude
type: object
properties:
id:
type: integer
description: The unique identifier for the static IP address
format: int32
readOnly: true
ipAddress:
type: string
description: The static IP address
geoOverride:
type: boolean
description: If not set, geographic coordinates and city are automatically determined from the IP address. Otherwise, the latitude and longitude coordinates must be provided.
latitude:
type: number
description: Required only if the geoOverride attribute is set. Latitude with 7 digit precision after decimal point, ranges between -90 and 90 degrees.
longitude:
type: number
description: Required only if the geoOverride attribute is set. Longitude with 7 digit precision after decimal point, ranges between -180 and 180 degrees.
routableIP:
type: boolean
description: Indicates whether a non-RFC 1918 IP address is publicly routable. This attribute is ignored if there is no ZIA Private Service Edge associated to the organization.
managedBy:
$ref: '#/components/schemas/ManagedBy'
lastModificationTime:
type: integer
description: When the static IP address was last modified
format: int32
readOnly: true
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
comment:
type: string
description: Additional information about this static IP address
TagContainer2:
title: TagContainer2
type: object
properties:
tags:
type: array
items:
$ref: '#/components/schemas/Tag'
description: 'One or more tags, each consisting of a key-value pair, selected within a tag type. If multiple tags are present within a tag type, they are combined using a logical operator.
Note: A maximum of 8 tags can be added to a workload group, irrespective of the number of tag types present.
'
operator:
$ref: '#/components/schemas/Operator1'
UrlFilteringRulesRequest:
title: UrlFilteringRulesRequest
required:
- name
type: object
properties:
id:
type: integer
description: URL Filtering Rule ID
format: int32
name:
type: string
description: Rule Name
order:
type: integer
description: Order of execution of rule with respect to other URL Filtering rules
format: int32
protocols:
type: array
items:
$ref: '#/components/schemas/Protocol1'
description: Protocol criteria
locations:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of locations for which rule must be applied
groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of groups for which rule must be applied
departments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of departments for which rule must be applied
users:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of users for which rule must be applied
urlCategories:
type: array
items:
type: string
description: List of URL categories for which rule must be applied
state:
$ref: '#/components/schemas/State3'
timeWindows:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of time interval during which rule must be enforced.
workloadGroups:
type: array
items:
$ref: '#/components/schemas/WorkloadGroup'
description: The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups.
rank:
type: integer
description: Admin rank of the admin who creates this rule
format: int32
requestMethods:
type: array
items:
$ref: '#/components/schemas/RequestMethod'
description: Request method for which the rule must be applied. If not set, rule is applied to all methods
endUserNotificationUrl:
type: string
description: URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified.
overrideUsers:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of users for which this rule can be overridden. Applicable only if blockOverride is set to 'true', action is 'BLOCK' and overrideGroups is not set.If this overrideUsers is not set, 'BLOCK' action can be overridden for any user.
overrideGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of groups for which this rule can be overridden. Applicable only if blockOverride is set to 'true' and action is 'BLOCK'. If this overrideGroups is not set, 'BLOCK' action can be overridden for any group.
blockOverride:
type: boolean
description: When set to true, a 'BLOCK' action triggered by the rule could be overridden. If true and both overrideGroup and overrideUsers are not set, the BLOCK triggered by this rule could be overridden for any users. If blockOverride is not set, 'BLOCK' action cannot be overridden.
default: false
timeQuota:
type: integer
description: Time quota in minutes, after which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
format: int32
sizeQuota:
type: integer
description: Size quota in KB beyond which the URL Filtering rule is applied. If not set, no quota is enforced. If a policy rule action is set to 'BLOCK', this field is not applicable.
format: int32
description:
type: string
description: Additional information about the URL Filtering rule
locationGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of the location groups to which the rule must be applied.
labels:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The URL Filtering rule's label. Rule labels allow you to logically group your organization's policy rules. Policy rules that are not associated with a rule label are grouped under the Untagged label.
validityStartTime:
type: integer
description: If enforceTimeValidity is set to true, the URL Filtering rule is valid starting on this date and time.
format: int32
validityEndTime:
type: integer
description: If enforceTimeValidity is set to true, the URL Filtering rule ceases to be valid on this end date and time.
format: int32
validityTimeZoneId:
type: string
description: If enforceTimeValidity is set to true, the URL Filtering rule date and time is valid based on this time zone ID.
lastModifiedTime:
type: integer
description: When the rule was last modified
format: int32
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
enforceTimeValidity:
type: boolean
description: Enforce a set a validity time period for the URL Filtering rule. To learn more, see Configuring the URL Filtering Policy.
devices:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: Name-ID pairs of devices for which rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation.
deviceTrustLevels:
type: array
items:
$ref: '#/components/schemas/DeviceTrustLevel'
description: List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
action:
$ref: '#/components/schemas/Action4'
cbiProfile:
$ref: '#/components/schemas/CbiProfile'
ciparule:
type: boolean
description: If set to true, the CIPA Compliance rule is enabled
default: false
WebDlpRulesRequest:
title: WebDlpRulesRequest
type: object
properties:
accessControl:
allOf:
- $ref: '#/components/schemas/AccessControl'
- {}
readOnly: true
id:
type: integer
description: The unique identifier for the DLP policy rule.
format: int32
order:
type: integer
description: The rule order of execution for the DLP policy rule with respect to other rules.
format: int32
protocols:
type: array
items:
$ref: '#/components/schemas/Protocol'
description: The protocol criteria specified for the DLP policy rule.
rank:
type: integer
description: The admin rank of the admin who created the DLP policy rule.
format: int32
description:
type: string
description: The description of the DLP policy rule.
locations:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of locations to which the DLP policy rule must be applied.
locationGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of locations groups to which the DLP policy rule must be applied.
groups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of groups to which the DLP policy rule must be applied.
departments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of departments to which the DLP policy rule must be applied.
users:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of users to which the DLP policy rule must be applied.
workloadGroups:
type: array
items:
$ref: '#/components/schemas/WorkloadGroup'
description: The list of preconfigured workload groups to which the policy must be applied. To learn more, see About Workload Groups and Configuring Workload Groups.
urlCategories:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The list of URL categories to which the DLP policy rule must be applied.
dlpEngines:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The list of DLP engines to which the DLP policy rule must be applied.
includedDomainProfiles:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The list of domain profiles that must be added to the DLP rule criteria in order to apply the DLP rules only to domains that are part of the specified profiles. A maximum of 8 profiles can be selected.
excludedDomainProfiles:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The list of domain profiles that must be added to the DLP rule criteria in order to apply the DLP rules to all domains excluding the domains that are part of the specified profiles. A maximum of 8 profiles can be selected.
severity:
$ref: '#/components/schemas/Severity'
parentRule:
type: integer
description: 'The unique identifier of the parent rule under which an exception rule is added.
Note: Exception rules can be configured only when the inline DLP rule evaluation type is set to evaluate all DLP rules in the DLP Advanced Settings. To learn more, see Configuring DLP Advanced Settings.
'
format: int32
subRules:
type: array
items:
type: object
description: The list of exception rules added to a parent rule.
Note:
- All attributes within the
WebDlpRule model are applicable to the sub-rules. Values for each rule are specified by using the WebDlpRule object. - Exception rules can be configured only when the inline DLP rule evaluation type is set to evaluate all DLP rules in the DLP Advanced Settings. To learn more, see Configuring DLP Advanced Settings.
fileTypes:
type: array
items:
type: string
description: 'The list of file types for which the DLP policy rule must be applied.
Note:
- BITMAP, JPEG, PNG, and TIFF file types are exclusively supported when optical character recognition (OCR) is enabled for DLP rules with content inspection.
- ALL_OUTBOUND is applicable only when an external DLP engine is used for DLP rules without content inspection.
'
cloudApplications:
type: array
items:
type: string
description: The list of cloud applications to which the DLP policy rule must be applied.
minSize:
type: integer
description: The minimum file size (in KB) used for evaluation of the DLP policy rule.
format: int32
action:
$ref: '#/components/schemas/Action2'
state:
$ref: '#/components/schemas/State'
timeWindows:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of time windows to which the DLP policy rule must be applied.
auditor:
$ref: '#/components/schemas/Auditor'
externalAuditorEmail:
type: string
description: The email address of an external auditor to whom DLP email notifications are sent.
notificationTemplate:
$ref: '#/components/schemas/NotificationTemplate'
matchOnly:
type: boolean
description: The match only criteria for DLP engines.
lastModifiedTime:
type: integer
description: Timestamp when the DLP policy rule was last modified.
format: int32
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
icapServer:
$ref: '#/components/schemas/IcapServer1'
withoutContentInspection:
type: boolean
description: Indicates a DLP policy rule without content inspection, when the value is set to true.
name:
type: string
description: The DLP policy rule name.
labels:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The Name-ID pairs of rule labels associated to the DLP policy rule.
excludedGroups:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The name-ID pairs of the groups that are excluded from the DLP policy rule.
excludedDepartments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The name-ID pairs of the departments that are excluded from the DLP policy rule.
excludedUsers:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: The name-ID pairs of the users that are excluded from the DLP policy rule.
dlpDownloadScanEnabled:
type: boolean
description: If this field is set to true, DLP scan is enabled for file downloads from cloud applications configured in the rule. If this field is set to false, DLP scan is disabled for downloads from the cloud applications.
zscalerIncidentReceiver:
type: boolean
description: Indicates whether a Zscaler Incident Receiver is associated to the DLP policy rule.
zccNotificationsEnabled:
type: boolean
description: 'If this field is set to true, Zscaler Client Connector notification is enabled for the block action triggered by the web DLP rule. If this field is set to false, Zscaler Client Connector notification is disabled.
Note: This field can be configured only if the Web DLP Violation end user notification is enabled.
'
ZpaGateway2:
title: ZpaGateway2
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
ZpaGatewaysRequest:
title: ZpaGatewaysRequest
type: object
properties:
id:
type: integer
description: A unique identifier assigned to the ZPA gateway
format: int32
name:
type: string
description: The name of the ZPA gateway
zpaServerGroup:
$ref: '#/components/schemas/ZpaServerGroup'
zpaAppSegments:
type: array
items:
$ref: '#/components/schemas/EntityReference'
description: All the Application Segments that are associated with the selected ZPA Server Group for which Source IP Anchoring is enabled
zpaTenantId:
type: integer
description: The ID of the ZPA tenant where Source IP Anchoring is configured
format: int64
lastModifiedBy:
$ref: '#/components/schemas/LastModifiedBy'
lastModifiedTime:
type: integer
description: Timestamp when the ZPA gateway was last modified
format: int32
type:
$ref: '#/components/schemas/Type7'
description:
type: string
description: Additional details about the ZPA gateway
ZpaServerGroup:
title: ZpaServerGroup
type: object
properties:
id:
type: integer
description: A unique identifier for an entity
format: int64
name:
type: string
description: The configured name of the entity
readOnly: true
externalId:
type: string
description: An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
extensions:
type: object
additionalProperties:
type: string
description: Additional information about the entity
tags:
- name: Sandbox Submission API
description: ''
- name: Applications
description: ''
- name: App Views
description: ''
- name: Admin & Role Management
description: ''
- name: Browser Isolation
description: ''
- name: Data Loss Prevention
description: ''
- name: Device Groups
description: ''
- name: Event Logs
description: ''
- name: Firewall Policies
description: ''
- name: Forwarding Control Policy
description: ''
- name: Intermediate CA Certificates
description: ''
- name: IoT Report
description: ''
- name: Location Management
description: ''
- name: Rule Labels
description: ''
- name: Sandbox Settings
description: ''
- name: Shadow IT Report
description: ''
- name: Traffic Forwarding
description: ''
- name: URL Filtering Policies
description: ''
- name: User Authentication Settings
description: ''
- name: Workload Groups
description: ''