Cisco Secure Access for Government API, OAuth 2.0 Scopes
Secure Access OAuth 2.0 Scopes
You can create API keys with Read-Only or Read/Write permissions for any number of Secure Access resources. Secure Access groups the resources into these scopes: admin, deployments, policies, and reports.
For information about creating your API credentials, see Secure Access API Authentication.
Admin Scopes and Endpoints
Choose the admin:read scope to retrieve the Admin resources in your organization.
Choose the admin:write scope to create, manage, or remove an Admin resource in your organization.
The Admin OAuth 2.0 scope includes these resources:
ApiKeys

| Scope | Description | Endpoints |
| --- | --- | --- |
| admin.apikeys:create | Create an API key. | POST /admin/v2/apiKeys |
| admin.apikeys:read | View the API keys. | GET /admin/v2/apiKeys |
| | View an API key. | GET /admin/v2/apiKeys/{apiKeyId} |
| admin.apikeys:delete | Delete an API key. | DELETE /admin/v2/apiKeys/{apiKeyId} |
| admin.apikeys:update | Update an API key. | PATCH /admin/v2/apiKeys/{apiKeyId} |
| admin.apikeys:refresh | Refresh an API key. | POST /admin/v2/apiKeys/{apiKeyId}/refresh |

VPN User Connections

| Scope | Description | Endpoints |
| --- | --- | --- |
| admin.vpn:read | View the VPN user connections. | GET /admin/v2/vpn/userConnections |
| admin.vpn:write | Update the VPN user connections. | PUT /admin/v2/vpn/userConnections |

Deployments Scopes and Endpoints
Choose the deployments:read scope to retrieve the Deployments resources in your organization.
Choose the deployments:write scope to create, manage, or remove a Deployments resource in your organization.
The Deployments OAuth 2.0 scope includes these resources:
Roaming Computers

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.roamingcomputers:read | View the roaming computers. | GET /deployments/v2/roamingcomputers |
| | | GET /deployments/v2/roamingcomputers/{deviceId} |
| deployments.roamingcomputers:write | Create, update, delete roaming computers. | PUT /deployments/v2/roamingcomputers/{deviceId} |
| | | DELETE /deployments/v2/roamingcomputers/{deviceId} |

OrgInfo for Roaming Computers

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.roamingcomputersOrgInfo:read | View the OrgInfo.json properties for roaming computers. | GET /deployments/v2/roamingcomputers/orgInfo |

Network Tunnel Groups

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.networktunnelgroups:read | View the network tunnel groups. | GET /deployments/v2/networktunnelgroups |
| | | GET /deployments/v2/networktunnelgroups/{id} |
| | | GET /deployments/v2/networktunnelgroups/{id}/state |
| | | GET /deployments/v2/networktunnelgroups/{id}/networktunnelhubs/{hub_id}/peers/{peer_id}/state |
| | | GET /deployments/v2/networktunnelgroupsstate |
| deployments.networktunnelgroups:write | Create, update, and delete the network tunnel groups. | POST /deployments/v2/networktunnelgroups |
| | | PATCH /deployments/v2/networktunnelgroups/{id} |
| | | DELETE /deployments/v2/networktunnelgroups/{id} |

Regions

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.regions:read | View the regions. | GET /deployments/v2/regions |

Secure Web Gateway Device Settings

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.devices.swg:read | View the secure web gateway override settings on the devices. | POST /deployments/v2/deviceSettings/SWGEnabled/list |
| deployments.devices.swg:write | Update and delete secure web gateway settings on the devices. | POST /deployments/v2/deviceSettings/SWGEnabled/set |
| | | POST /deployments/v2/deviceSettings/SWGEnabled/remove |

Internal Domains

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.internaldomains:read | View the internal domains. | GET /deployments/v2/internaldomains |
| | | GET /deployments/v2/internaldomains/{internalDomainId} |
| deployments.internaldomains:write | Create, update, and delete the internal domain. | POST /deployments/v2/internaldomains |
| | | PUT /deployments/v2/internaldomains/{internalDomainId} |
| | | DELETE /deployments/v2/internaldomains/{internalDomainId} |

Sites

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.sites:read | View the Sites. | GET /deployments/v2/sites |
| | | GET /deployments/v2/sites/{siteId} |
| deployments.sites:write | Create, update, and delete the Site. | POST /deployments/v2/sites |
| | | PUT /deployments/v2/sites/{siteId} |
| | | DELETE /deployments/v2/sites/{siteId} |

Networks

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.networks:read | View the networks. | GET /deployments/v2/networks |
| | | GET /deployments/v2/networks/{networkId} |
| deployments.networks:write | Create, update, and delete the networks. | POST /deployments/v2/networks |
| | | PUT /deployments/v2/networks/{networkId} |
| | | DELETE /deployments/v2/networks/{networkId} |

Internal Networks

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.internalnetworks:read | View the Internal Networks. | GET /deployments/v2/internalnetworks |
| | | GET /deployments/v2/internalnetworks/{internalNetworkId} |
| deployments.internalnetworks:write | Create, update, and delete the Internal Network. | POST /deployments/v2/internalnetworks |
| | | PUT /deployments/v2/internalnetworks/{internalNetworkId} |
| | | DELETE /deployments/v2/internalnetworks/{internalNetworkId} |

Network Devices

| Scope | Description | Endpoints |
| --- | --- | --- |
| deployments.networkdevices:read | View the network devices. | GET /deployments/v2/networkdevices |
| | | GET /deployments/v2/networkdevices/{originId} |
| deployments.networkdevices:write | Create, update, and delete the network devices. | POST /deployments/v2/networkdevices |
| | | PATCH /deployments/v2/networkdevices/{originId} |
| | | DELETE /deployments/v2/networkdevices/{originId} |

Policies Scopes and Endpoints
Choose the policies:read scope to retrieve the Policies resources in your organization.
Choose the policies:write scope to create, manage, or remove a Policies resource in your organization.
The Policies OAuth 2.0 scope includes these resources:
Security Profiles

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.securityProfiles:read | View the Security Profiles. | GET /policies/v2/securityProfiles |
| | | GET /policies/v2/securityProfiles/{profileId} |

Content Categories

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.contentCategories:read | View the Content Category settings. | GET /policies/v2/categorySettings |

Tenant Controls Profiles

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.tenantControlsProfiles:read | View the Tenant Controls Profiles. | GET /policies/v2/tenantControls/profiles |

Application Categories

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.applicationCategories:read | View the Application Category settings. | GET /policies/v2/applicationCategories |

IPS Profiles

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.ipsconfig:read | View the IPS profiles and the signatures. | GET /policies/v2/ipsSignatureProfiles |
| | | GET /policies/v2/ipsSignatureProfiles/{id} |
| | | GET /policies/v2/ipsSignatureProfiles/{id}/signatures |
| policies.ipsconfig:write | Create, update, and delete the IPS profiles and the signatures. | POST /policies/v2/ipsSignatureProfiles |
| | | PATCH /policies/v2/ipsSignatureProfiles/{id} |
| | | DELETE /policies/v2/ipsSignatureProfiles/{id} |

Destination Lists

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.destinationLists:read | View the destination lists. | GET /policies/v2/destinationlists |
| | | GET /policies/v2/destinationlists/{destinationListId} |
| policies.destinationLists:write | Create, update, and delete the destination lists. | POST /policies/v2/destinationlists |
| | | PATCH /policies/v2/destinationlists/{destinationListId} |
| | | DELETE /policies/v2/destinationlists/{destinationListId} |

Destinations

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.destinations:read | View the destinations in the destination lists. | GET /policies/v2/destinationlists/{destinationListId}/destinations |
| policies.destinations:write | Create and delete the destinations in the destination lists. | POST /policies/v2/destinationlists/{destinationListId}/destinations |
| | | DELETE /policies/v2/destinationlists/{destinationListId}/destinations/remove |

Application Lists

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.applicationlists:read | View the application lists. | GET /policies/v2/applicationLists |
| | | GET /policies/v2/applications/usage |
| policies.applicationlists:write | Create, update, and delete the application lists. | POST /policies/v2/applicationLists |
| | | PUT /policies/v2/applicationLists/{applicationListId} |
| | | DELETE /policies/v2/applicationLists/{applicationListId} |

Rules

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.rules:read | View the rules. | GET /policies/v2/rules |
| | | GET /policies/v2/rules/{ruleId} |
| | | GET /policies/v2/geolocations |
| policies.rules:write | Create, update, and delete the rules. | POST /policies/v2/rules |
| | | PUT /policies/v2/rules |
| | | PUT /policies/v2/rules/{ruleId} |
| | | DELETE /policies/v2/rules/{ruleId} |

Rule Settings

| Scope | Description | Endpoints |
| --- | --- | --- |
| policies.settings:read | View the rule settings. | GET /policies/v2/settings |
| | | GET /policies/v2/settings/{settingName} |
| | | GET /policies/v2/settingTypes |
| | | GET /policies/v2/settingTypes/{settingName} |
| policies.settings:write | Update and delete the rule settings. | PUT /policies/v2/settings |
| | | PUT /policies/v2/settings/{settingName} |
| | | DELETE /policies/v2/settings/{settingName} |

Reports Scopes and Endpoints
Choose the reports:read scope to retrieve the Reports resources in your organization.
Choose the reports:write scope to create, manage, or remove a Reports resource in your organization.
The Reports OAuth 2.0 scope includes these resources:
Aggregations

| Scope | Description | Endpoints |
| --- | --- | --- |
| reports.aggregations:read | View the aggregated events. | GET /reports/v2/top-identities |
| | | GET /reports/v2/top-identities/{type} |
| | | GET /reports/v2/identity-distribution |
| | | GET /reports/v2/identity-distribution/{type} |
| | | GET /reports/v2/top-destinations |
| | | GET /reports/v2/top-destinations/{type} |
| | | GET /reports/v2/top-urls |
| | | GET /reports/v2/top-categories |
| | | GET /reports/v2/top-categories/{type} |
| | | GET /reports/v2/top-eventtypes |
| | | GET /reports/v2/top-dns-query-types |
| | | GET /reports/v2/top-files |
| | | GET /reports/v2/total-requests |
| | | GET /reports/v2/total-requests/{type} |
| | | GET /reports/v2/top-threats |
| | | GET /reports/v2/top-threats/{type} |
| | | GET /reports/v2/top-threat-types |
| | | GET /reports/v2/top-threat-types/{type} |
| | | GET /reports/v2/top-ips |
| | | GET /reports/v2/top-ips/internal |
| | | GET /reports/v2/summary |
| | | GET /reports/v2/summary/{type} |
| | | GET /reports/v2/summaries-by-category |
| | | GET /reports/v2/summaries-by-category/{type} |
| | | GET /reports/v2/summaries-by-destination |
| | | GET /reports/v2/summaries-by-destination/{type} |
| | | GET /reports/v2/requests-by-timerange |
| | | GET /reports/v2/requests-by-timerange/{type} |
| | | GET /reports/v2/categories-by-hour |
| | | GET /reports/v2/categories-by-hour/{type} |
| | | GET /reports/v2/categories-by-timerange |
| | | GET /reports/v2/categories-by-timerange/{type} |
| | | GET /reports/v2/deployment-status |
| | | GET /reports/v2/bandwidth-by-hour |
| | | GET /reports/v2/bandwidth-by-timerange |
| | | GET /reports/v2/remote-access-events |
| | | GET /reports/v2/requests-by-hour |
| | | GET /reports/v2/requests-by-hour/{type} |

Granular Events

| Scope | Description | Endpoints |
| --- | --- | --- |
| reports.granularEvents:read | View the granular events. | GET /reports/v2/activity |
| | | GET /reports/v2/activity/dns |
| | | GET /reports/v2/activity/proxy |
| | | GET /reports/v2/activity/firewall |
| | | GET /reports/v2/activity/intrusion |
| | | GET /reports/v2/activity/ip |
| | | GET /reports/v2/activity/ztna |
| | | GET /reports/v2/activity/decryption |
| | | GET /reports/v2/activity/amp-retrospective |

Summaries By Rule

| Scope | Description | Endpoints |
| --- | --- | --- |
| reports.summariesByRule:read | View the summaries by rule events. | GET /reports/v2/summaries-by-rule/intrusion |
| | | GET /reports/v2/summaries-by-rule/hitcount |
| | | GET /reports/v2/summaries-by-rule/firewall-hitcount |

Utilities

| Scope | Description | Endpoints |
| --- | --- | --- |
| reports.utilities:read | View the reference information for the reports. | GET /reports/v2/applications |
| | | GET /reports/v2/categories |
| | | GET /reports/v2/identities |
| | | GET /reports/v2/identities/{identityid} |
| | | GET /reports/v2/threat-types |
| | | GET /reports/v2/threat-types/{threattypeid} |
| | | GET /reports/v2/threat-names |
| | | GET /reports/v2/threat-names/{threatnameid} |
| | | POST /reports/v2/identities |

App Discovery

| Scope | Description | Endpoints |
| --- | --- | --- |
| reports.appDiscovery:read | View the application discovery events. | GET /reports/v2/appDiscovery/applications |
| | | GET /reports/v2/appDiscovery/applications/{applicationId} |
| | | GET /reports/v2/appDiscovery/applications/{applicationId}/risk |
| | | GET /reports/v2/appDiscovery/applications/{applicationId}/identities |
| | | GET /reports/v2/appDiscovery/applications/{applicationId}/attributes |
| | | GET /reports/v2/appDiscovery/protocols |
| | | GET /reports/v2/appDiscovery/protocols/{protocolId} |
| | | GET /reports/v2/appDiscovery/protocols/{protocolId}/identities |
| | | GET /reports/v2/appDiscovery/applicationCategories |
| | | GET /reports/v2/appDiscovery/applications/info |
| reports.appDiscovery:write | Update the label for the applications. | PATCH /reports/v2/appDiscovery/applications |
| | | PATCH /reports/v2/appDiscovery/applications/{applicationId} |

API Usage

| Scope | Description | Endpoints |
| --- | --- | --- |
| reports.apiusage:read | View the usage of the API keys. | GET /reports/v2/apiUsage/requests |
| | | GET /reports/v2/apiUsage/responses |
| | | GET /reports/v2/apiUsage/keys |
| | | GET /reports/v2/apiUsage/summary |
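
Added example, not part of Cisco's documentation: a least-privilege check that maps the calls an integration makes to the granular scopes listed above. It covers two cases from the tables that a method-based guess gets wrong: POST endpoints that sit under a `:read` scope, and `/roamingcomputers/orgInfo`, which also matches the `{deviceId}` template. `SCOPE_TABLE` is a hand-copied subset of the tables, and the function names and job list are hypothetical.

```python
import re

# Subset of the scope tables on this page: (method, path template) -> granular scope.
SCOPE_TABLE = {
    ("GET", "/admin/v2/apiKeys"): "admin.apikeys:read",
    ("GET", "/admin/v2/apiKeys/{apiKeyId}"): "admin.apikeys:read",
    ("POST", "/admin/v2/apiKeys/{apiKeyId}/refresh"): "admin.apikeys:refresh",
    ("GET", "/deployments/v2/roamingcomputers/{deviceId}"): "deployments.roamingcomputers:read",
    ("GET", "/deployments/v2/roamingcomputers/orgInfo"): "deployments.roamingcomputersOrgInfo:read",
    ("POST", "/deployments/v2/deviceSettings/SWGEnabled/list"): "deployments.devices.swg:read",
    ("POST", "/deployments/v2/deviceSettings/SWGEnabled/set"): "deployments.devices.swg:write",
    ("POST", "/reports/v2/identities"): "reports.utilities:read",
    ("GET", "/reports/v2/activity/dns"): "reports.granularEvents:read",
}

def _compile(template):
    # Escape literal text; each {placeholder} matches exactly one path segment.
    parts = re.split(r"\{[^}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")

# Literal templates sort before parameterised ones, so .../orgInfo wins over .../{deviceId}.
_RULES = sorted(
    ((m, _compile(t), t.count("{"), s) for (m, t), s in SCOPE_TABLE.items()),
    key=lambda r: r[2],
)

def scope_for(method, path):
    """Return the granular scope for one call, or raise if the call is not in the table."""
    path = path.split("?", 1)[0]  # ignore any query string
    for m, rx, _, scope in _RULES:
        if m == method.upper() and rx.match(path):
            return scope
    raise LookupError(f"no scope listed for {method} {path}")

def minimal_scopes(calls):
    """Smallest set of granular scopes covering every (method, path) the integration makes."""
    return sorted({scope_for(m, p) for m, p in calls})

def needs_write(calls):
    """True if any required scope is not a :read scope (create, update, delete, refresh, write)."""
    return any(not s.endswith(":read") for s in minimal_scopes(calls))

# Constructed call list for a reporting job; every call resolves to a :read scope.
REPORTING_JOB = [
    ("GET", "/deployments/v2/roamingcomputers/orgInfo"),
    ("POST", "/deployments/v2/deviceSettings/SWGEnabled/list"),
    ("POST", "/reports/v2/identities"),
    ("GET", "/reports/v2/activity/dns"),
]
```

A `LookupError` marks a call that has no row in the copied table, which is the cue to extend `SCOPE_TABLE` from the page rather than fall back to a broader scope.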