Protegrity REST APIs on

Accessing the Protegrity REST APIs

Mon, 01 Jan 0001 00:00:00 +0000

The following section lists the requirements for accessing the Protegrity REST APIs.

Available endpoints - Protegrity has enabled the following endpoints to access the REST APIs.

Base URL

https://<FQDN>/pty/<Version>/<API>

Where:
- FQDN: Fully Qualified Domain Name provided by the user during PPC installation.
- Version: Specifies the version of the API.
- API: Endpoint of the REST API.
Authentication - You can access the REST APIs using client certificates or tokens. The authentication depends on the type of REST API that you are using. For more information about accessing the REST APIs using these authentication mechanisms, refer to the section Accessing REST API Resources.

View the Protegrity REST API Specification Document

Mon, 01 Jan 0001 00:00:00 +0000

The steps mentioned in this section contains the usage of Docker containers and services to download and launch the images for Swagger Editor within a Docker container.

For more information about Docker, refer to the Docker documentation.

The following example uses Swagger Editor to view the REST API specification document.

Install and start the Swagger Editor.
Download the Swagger Editor image within a Docker container using the following command.
```
docker pull swaggerapi/swagger-editor
```
Launch the Docker container using the following command.

Using the Common REST API Endpoints

Mon, 01 Jan 0001 00:00:00 +0000

The following section specifies the common operations that are applicable to all the Protegrity REST APIs.

The Base URL for each API will change depending on the version of the API being used. The following table specifies the version that you must use when executing the common operations for each API.

REST API	Description	Version in the Base URL <Version>
pim	Policy Management	v2
rps	Encrypted Resilient Package	v1
auth	Authentication and Token Management	v1

Common REST API Endpoints

The following table lists the common operations for the Protegrity REST APIs.

Using the Authentication and Token Management REST APIs

Mon, 01 Jan 0001 00:00:00 +0000

The Authentication and Token Management API uses the v1 version.

If you want to perform common operations using the Authentication and Token REST API, then refer the section Using the Common REST API Endpoints.

The following table provides section references that explain usage of some of the Authentication and Token REST APIs. It includes sample examples to work with the Authentication and Token functions. If you want to view all the Authentication and Token APIs, then use the /doc API to retrieve the API specification.

Using the Policy Management REST APIs

Mon, 01 Jan 0001 00:00:00 +0000

Important: The Policy Management REST APIs will work only after you have installed the workbench.

The user accessing these APIs must have the workbench_management_policy_write permission for write access and the workbench_management_policy_read permission for read-only access.
For more information about the roles and permissions required, refer to the section Workbench Roles and Permissions.

The Policy Management API uses the v2 version.

If you want to perform common operations using the Policy Management REST API, then refer the section Using the Common REST API Endpoints.

Using the Encrypted Resilient Package REST APIs

Mon, 01 Jan 0001 00:00:00 +0000

Important: The Encrypted Resilient Package REST API will work only after you have installed the Policy Workbench. For more information about installing Policy Workbench, refer to the section Installing Policy Workbench.

The Encrypted Resilient Package API is only used by the Immutable Resilient protectors.

Before you begin:

Ensure that the concept of resilient protectors and necessity of a resilient package is understood.
For more information on how the REST API is used to export the encrypted resilient package in an immutable policy deployment, refer to the section DevOps Approach for Application Protector.

Roles and Permissions

Mon, 01 Jan 0001 00:00:00 +0000

Roles are templates that include permissions and users can be assigned to one or more roles. All users in the appliance must be associated with a role.

The roles packaged with PPC are as follows:

Roles	Description	Permissions
directory_administrator	Role to manage users, groups, and their attributes	saml_admin, role_admin, user_manager_admin, can_create_token, password_policy_admin, group_admin
directory_viewer	Role to query and view users and groups and their attributes	saml_viewer, password_policy_viewer, user_manager_viewer, role_viewer, group_viewer
security_administrator	Role to manage users, roles, groups, and security‑related configurations, including SAML, certificates, packages, and insights	can_fetch_package, role_admin, web_admin, cli_access, saml_admin, can_export_certificates, user_manager_admin, can_create_token, password_policy_admin, group_admin, insight_admin
security_viewer	Role with Read access	saml_viewer, password_policy_viewer, insight_viewer, user_manager_viewer, role_viewer, group_viewer

The capabilities of a role are defined by the permissions attached to the role. Though roles can be created, modified, or deleted from the appliance, permissions cannot be edited. The permissions that are available to map with a user and packaged with PPC as default permissions are as follows: