Using the Policy Management REST APIs
The user accessing these APIs must have the Security Officer permission for write access and the Security Viewer permission for read-only access.
For more information about the roles and permissions required, refer to the section Managing Roles.
The Policy Management API uses the v2 version.
If you want to perform common operations using the Policy Management REST API, refer to the section Using the Common REST API Endpoints.
The following table provides section references that explain usage of some of the Policy Management REST APIs. It includes an example workflow to work with the Policy Management functions. If you want to view all the Policy Management APIs, then use the /doc API to retrieve the API specification.
| REST API | Section Reference |
|---|---|
| Policy Management initialization | Initializing the Policy Management |
| Creating an empty manual role that will accept all users | Creating a Manual Role |
| Create data elements | Creating Data Elements |
| Create policy | Creating Policy |
| Add roles and data elements to the policy | Adding Roles and Data Elements to a Policy |
| Create a default data store | Creating a Default Data Store |
| Deploy the data store | Deploying the Data Store |
| Get the deployment information | Getting the Deployment Information |
Initializing the Policy Management
This section explains how you can initialize Policy Management to create the keys-related data and the policy repository. If you are initializing the Policy Management from the ESA Web UI, then the execution of this service is not required.
For more information about initializing the Policy Management from the ESA Web UI, refer to the section Initializing the Policy Management.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/init
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/init" -H "accept: application/json"
This sample request uses the JWT token authentication.
Creating a Manual Role
This section explains how you can create a manual role that accepts all the users.
For more information about working with roles, refer to the section Working with Roles.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/roles
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/roles" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"name\":\"ROLE\",\"mode\":\"MANUAL\",\"allowAll\": true}"
This sample request uses the JWT token authentication.
Creating Data Elements
This section explains how you can create data elements.
For more information about working with data elements, refer to the section Working with Data Elements.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/dataelements
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/dataelements" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"name\": \"DE_ALPHANUM\",\"description\": \"DE_ALPHANUM\",\"alphaNumericToken\":{\"tokenizer\":\"SLT_1_3\",\"fromLeft\": 0,\"fromRight\": 0,\"lengthPreserving\": true, \"allowShort\": \"YES\"}}"
This sample request uses the JWT token authentication.
Creating Policy
This section explains how you can create a policy.
For more information about working with policies, refer to the section Creating Policies.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/policies
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/policies" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"name\":\"POLICY\",\"description\": \"POLICY\", \"template\":{\"access\":{\"protect\":true,\"reProtect\":true,\"unProtect\":true},\"audit\":{\"success\":{\"protect\":false,\"reProtect\":false,\"unProtect\":false},\"failed\":{\"protect\":false,\"reProtect\":false,\"unProtect\":false}}}}"
This sample request uses the JWT token authentication.
Adding Roles and Data Elements to a Policy
This section explains how you can add roles and data elements to a policy.
For more information about adding roles and data elements to a policy, refer to the sections Adding Data Elements to Policy and Adding Roles to Policy respectively.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/policies/1/rules
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/policies/1/rules" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"role\":\"1\",\"dataElement\":\"1\",\"noAccessOperation\":\"EXCEPTION\",\"permission\":{\"access\":{\"protect\":true,\"reProtect\":true,\"unProtect\":true},\"audit\":{\"success\":{\"protect\":false,\"reProtect\":false,\"unProtect\":false},\"failed\":{\"protect\":false,\"reProtect\":false,\"unProtect\":false}}}}"
This sample request uses the JWT token authentication.
Creating a Default Data Store
This section explains how you can create a default data store.
For more information about working with data stores, refer to the section Creating a Data Store.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/datastores
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/datastores" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"name\":\"DS\",\"description\": \"DS\", \"default\":true}"
This sample request uses the JWT token authentication.
Deploying the Data Store
This section explains how you can deploy policies or trusted applications linked to a specific data store or multiple data stores.
For more information about deploying the Data Store, refer to the section Deploying Data Stores.
Deploying a Specific Data Store
This section explains how you can deploy policies and trusted applications linked to a specific data store. The specifications provided for that data store are applied and become the end result.
Note: If you deploy an array with empty policies or trusted applications, or both, then the connected protectors contain empty definitions for these respective items.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/datastores/{dataStoreUid}/deploy
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/datastores/{dataStoreUid}/deploy" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"policies\":[\"1\"],\"applications\":[\"1\"]}"
This sample request uses the JWT token authentication.
Deploying Data Stores
This section explains how you can deploy several data stores in one call; each data store entry lists the policies or trusted applications, or both, that are linked to it for the deployment.
Note: If you deploy a data store containing an array with empty policies or trusted applications, or both, then the connected protectors contain empty definitions for these respective items.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/deploy
- Method
- POST
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X POST "https://{ESA IP address or Hostname}:443/pty/v2/pim/deploy" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"dataStores\":[{\"uid\":\"1\",\"policies\":[\"1\"],\"applications\":[\"1\"]},{\"uid\":\"2\",\"policies\":[\"2\"],\"applications\":[\"2\"]}]}"
This sample request uses the JWT token authentication.
Getting the Deployment Information
This section explains how you can check the complete deployment information. This service returns the list of the data stores with the connected policies and trusted applications.
Note: The result might contain data store information that is pending deployment after combining the Policy Management operations performed through the ESA Web UI and PIM API.
- Base URL
- https://{ESA IP address or Hostname}/pty/v2
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
  For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Path
- /pim/deploy
- Method
- GET
Sample Request
curl -H "Authorization: Bearer ${TOKEN}" -X GET "https://{ESA IP address or Hostname}:443/pty/v2/pim/deploy" -H "accept: application/json"
This sample request uses the JWT token authentication.
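The sections above are the steps of one workflow. The following script, an added example that is not Protegrity's own client, chains them in order: initialize, create a manual role, a data element, a policy and a rule, create a default data store, deploy it, and read the deployment information. It takes the JWT from the TOKEN environment variable as the curl samples do and assumes an ESA_HOST variable for the ESA IP address or hostname. The page does not document the response bodies, so the `uid` key used to pick up created identifiers is an assumption; when it is absent the script falls back to the "1" identifiers that the sample requests use. Request bodies are built with `json.dumps` instead of hand-escaped shell strings, and the transport is injectable so the whole sequence can be checked offline before it touches a real ESA.

```python
"""Drive the Policy Management (PIM) v2 workflow end to end.

Added example, not the product's own client. Assumptions: TOKEN holds a JWT,
ESA_HOST holds the ESA IP address or hostname, and created objects may carry
a "uid" key (undocumented on the page; the page's "1" ids are the fallback).
"""
import json
import os
import urllib.request
from typing import Callable, List, Optional, Tuple

Recorded = Tuple[str, str, Optional[dict]]            # (method, path, body)
Transport = Callable[[str, str, Optional[dict]], dict]

BASE_PATH = "/pty/v2"


def make_transport(host: str, token: str) -> Transport:
    """Real HTTPS transport. Certificate verification is urllib's default and
    stays on; the curl samples on this page do not use -k either."""
    def send(method: str, path: str, body: Optional[dict]) -> dict:
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(
            f"https://{host}:443{BASE_PATH}{path}", data=data, method=method)
        req.add_header("Authorization", f"Bearer {token}")
        req.add_header("accept", "application/json")
        if body is not None:
            req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req) as resp:      # raises on 4xx/5xx
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return send


def recording_transport(log: List[Recorded]) -> Transport:
    """Dry-run transport: records each request instead of sending it."""
    def send(method: str, path: str, body: Optional[dict]) -> dict:
        log.append((method, path, body))
        return {}
    return send


# Request bodies mirror the page's sample requests, as dicts rather than
# escaped shell strings, so a missing quote cannot silently break a call.
def role_body(name: str = "ROLE") -> dict:
    return {"name": name, "mode": "MANUAL", "allowAll": True}


def data_element_body(name: str = "DE_ALPHANUM") -> dict:
    return {"name": name, "description": name,
            "alphaNumericToken": {"tokenizer": "SLT_1_3", "fromLeft": 0,
                                  "fromRight": 0, "lengthPreserving": True,
                                  "allowShort": "YES"}}


def permission_template(protect: bool = True, re_protect: bool = True,
                        un_protect: bool = True) -> dict:
    """Access flags as on the page; auditing switched off for every operation."""
    access = {"protect": protect, "reProtect": re_protect, "unProtect": un_protect}
    off = {"protect": False, "reProtect": False, "unProtect": False}
    return {"access": access, "audit": {"success": dict(off), "failed": dict(off)}}


def policy_body(name: str = "POLICY") -> dict:
    return {"name": name, "description": name, "template": permission_template()}


def rule_body(role_id: str, de_id: str) -> dict:
    return {"role": role_id, "dataElement": de_id,
            "noAccessOperation": "EXCEPTION", "permission": permission_template()}


def _uid(resp: dict, fallback: str) -> str:
    # Assumption: a created object carries "uid"; otherwise use the page's id.
    return str(resp.get("uid", fallback))


def run_workflow(send: Transport, datastore_uid: str = "1") -> dict:
    """init -> role -> data element -> policy -> rule -> data store -> deploy -> status."""
    send("POST", "/pim/init", None)
    role_id = _uid(send("POST", "/pim/roles", role_body()), "1")
    de_id = _uid(send("POST", "/pim/dataelements", data_element_body()), "1")
    policy_id = _uid(send("POST", "/pim/policies", policy_body()), "1")
    send("POST", f"/pim/policies/{policy_id}/rules", rule_body(role_id, de_id))
    ds = send("POST", "/pim/datastores",
              {"name": "DS", "description": "DS", "default": True})
    ds_id = _uid(ds, datastore_uid)
    # No trusted application is created in this workflow, so "applications" is
    # empty; per the page's note, protectors then receive an empty definition.
    send("POST", f"/pim/datastores/{ds_id}/deploy",
         {"policies": [policy_id], "applications": []})
    return send("GET", "/pim/deploy", None)


if __name__ == "__main__":
    live = make_transport(os.environ["ESA_HOST"], os.environ["TOKEN"])
    print(json.dumps(run_workflow(live), indent=2))
```

Running `run_workflow` against `recording_transport` first lets you review the exact method, path and body of each call (the rule call must land on `/pim/policies/<id>/rules`, the data element call on `/pim/dataelements`) before the Security Officer token is used against a live ESA.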