Create Tunnel - Cloud Security API

{"type":"api","title":"Create Tunnel","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/9d37d008417d562ab46d4b67547a68457ce288d2/6de27b83-cd76-3f18-9e4a-e121ea0a8b86","info":{"title":"Cisco Umbrella Network Tunnels API","description":"Manage the network tunnels in the organization.","version":"2.0.0","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Data Center"},{"name":"Organization Tunnel"},{"name":"Debugging"},{"name":"Umbrella"}],"x-parser-conf":{"overview":{"markdownPath":"reference/deployments/network-tunnels-overview.md","uri":"umbrella-api-reference-network-tunnels-overview"}},"openapi":"3.0.1","servers":[{"url":"https://api.umbrella.com/{basePath}","variables":{"basePath":{"default":"deployments/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"client credential flow","flows":{"clientCredentials":{"tokenUrl":"https://api.umbrella.com/auth/v2/token","scopes":{"deployments.tunnels:write":"Write deployments tunnels","deployments.tunnels:read":"Read deployments tunnels","deployments.datacenters:read":"Read deployments datacenters"}}}}}},"spec":{"summary":"Create Tunnel","operationId":"addTunnel","description":"Add a new tunnel to the organization.","security":[{"oauthFlow":["deployments.tunnels:write"]}],"tags":["Organization Tunnel","Umbrella"],"requestBody":{"description":"The tunnel to create.","required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"The name of the tunnel."},"siteOriginId":{"type":"integer","description":"The site origin ID to associate with the tunnel.","example":123456},"deviceType":{"type":"string","description":"The type of device where the tunnel originates. The default value is `other`.","enum":["ASA","FTD","ISR","Meraki MX","Viptela cEdge","Viptela vEdge","other"]},"serviceType":{"type":"string","description":"The type of service to associate with the tunnel. The default value is `SIG`.","enum":["SIG","Private Access"],"example":"SIG","$$ref":"#/components/schemas/serviceType"},"networkCIDRs":{"type":"array","description":"Enter IPv4 ranges and CIDR addresses.\nIf `serviceType` is SIG, add all public and private address ranges used internally\nby your organization. Overrides Umbrella's default behavior,\nwhich allows traffic that is destined for RFC-1918 addresses to return through the tunnel.\nIf `serviceType` is Private Access, this field is required.\nThe 0.0.0.0/0 address range is not allowed.","items":{"type":"string","description":"An IPv4 CIDR range.","example":"111.222.39.1/32"},"example":["123.111.222.25/24","111.222.39.1/32"],"$$ref":"#/components/schemas/networkCIDRs"},"transport":{"type":"object","properties":{"protocol":{"description":"The tunnel transport protocol. The default tunnel transport protocol is IPSec.","type":"string","enum":["IPSec"],"example":"IPSec"}}},"authentication":{"type":"object","properties":{"type":{"type":"string","description":"The authentication method. The default is pre-shared key (PSK).","enum":["PSK"]},"parameters":{"type":"object","properties":{"idPrefix":{"type":"string","description":"A human-readable ID for the tunnel, used to generate the ID portion of the Pre-Shared Key.\nIf omitted, the ID is generated and provided in response. Tunnels with a device type of ASA\nmust provide an IP address string for this field. Tunnels with a device type of 'other'\nmay use either an IP address or a human-readable string. PSK IDs are not automatically generated\nfor ASA devices."},"secret":{"type":"string","description":"The secret portion of a Pre-Shared Key (PSK).\nIf omitted, a secret is generated and provided in the response.\nSecrets are a sequence of 16 to 64 characters, and contain at least one upper\nand lowercase letter, one number, and no special characters."}}}}}},"required":["name"]},"example":{"name":"Site01Tunnel","siteOriginId":123456,"serviceType":"SIG","deviceType":"ASA","networkCIDRs":["123.111.222.25/24","111.222.39.1/32"],"transport":{"protocol":"IPSec"},"authentication":{"type":"PSK","parameters":{"idPrefix":"prefix-string","secret":"This123Secret"}}}}}},"responses":{"200":{"description":"OK","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","description":"The properties of the tunnel resource object.","properties":{"id":{"type":"integer","readOnly":true,"description":"The tunnel resource ID. Use this ID as a reference for subsequent requests.","example":1122321},"uri":{"type":"string","description":"Resource URI","readOnly":true,"example":"/tunnels/1122321"},"name":{"type":"string","description":"Display the name of the tunnel. The tunnel name is required, cannot exceed 50 characters in length,\nand can't have any special characters other than spaces and hyphens.","example":"Site01Tunnel"},"siteOriginId":{"type":"integer","description":"The Site origin ID that is associated with the tunnel.","example":123456},"client":{"type":"object","description":"The tunnel client's configuration metadata including the client secret.","properties":{"deviceType":{"type":"string","description":"The type of device where the tunnel originates. The default value is `other`.","enum":["ASA","FTD","ISR","Meraki MX","Viptela cEdge","Viptela vEdge","other"],"$$ref":"#/components/schemas/deviceType"},"authentication":{"type":"object","description":"The authentication context of the client.","properties":{"type":{"type":"string","enum":["PSK"],"example":"PSK","readOnly":true},"parameters":{"type":"object","properties":{"id":{"type":"string","description":"The PSK ID. If an IP address is used as the ID, the IP address is the value of this field.","readOnly":true,"example":"admin@2561066-237952254-umbrella.com"},"modifiedAt":{"type":"string","format":"date-time","readOnly":true,"example":"2018-06-13T16:07:07.222Z","description":"The data and time (timestamp) when the tunnel was updated.","$$ref":"#/components/schemas/modifiedAt"},"secret":{"type":"string","example":"123Secret","description":"The secret of the PSK credentials. Ensure that you save the secret. The secret is not provided at any other time.","$$ref":"#/components/schemas/secretParameter"}},"$$ref":"#/components/schemas/parametersWithSecret"}},"$$ref":"#/components/schemas/authenticationWithSecret"}},"$$ref":"#/components/schemas/TunnelClientMetadataWithSecret"},"transport":{"type":"object","properties":{"protocol":{"description":"The tunnel transport protocol. The default transport protocol is IPSec.","type":"string","enum":["IPSec"],"readOnly":true,"example":"IPSec"}}},"serviceType":{"type":"string","description":"The type of service to associate with the tunnel. The default value is `SIG`.","enum":["SIG","Private Access"],"example":"SIG","$$ref":"#/components/schemas/serviceType"},"networkCIDRs":{"type":"array","description":"Enter IPv4 ranges and CIDR addresses.\nIf `serviceType` is SIG, add all public and private address ranges used internally\nby your organization. Overrides Umbrella's default behavior,\nwhich allows traffic that is destined for RFC-1918 addresses to return through the tunnel.\nIf `serviceType` is Private Access, this field is required.\nThe 0.0.0.0/0 address range is not allowed.","items":{"type":"string","description":"An IPv4 CIDR range.","example":"111.222.39.1/32"},"example":["123.111.222.25/24","111.222.39.1/32"],"$$ref":"#/components/schemas/networkCIDRs"},"meta":{"type":"object","description":"The metadata for the tunnel object, related to service internals.","readOnly":true},"createdAt":{"type":"string","description":"The date and time (timestamp) when the tunnel was created.","format":"date-time","readOnly":true,"example":"2018-06-13T16:07:07.222Z"},"modifiedAt":{"type":"string","format":"date-time","readOnly":true,"example":"2018-06-13T16:07:07.222Z","description":"The data and time (timestamp) when the tunnel was updated.","$$ref":"#/components/schemas/modifiedAt"}},"example":{"id":1122321,"uri":"/tunnels/1122321","name":"Site01Tunnel","siteOriginId":123456,"client":{"deviceType":"ASA","authentication":{"type":"PSK","parameters":{"id":"admin@2561066-237952254-umbrella.com","modifiedAt":"2018-06-13T16:07:07.222Z","secret":"secretkey123"}}},"transport":{"protocol":"IPSec"},"serviceType":"SIG","networkCIDRs":["123.111.222.25/24","111.222.39.1/32"],"meta":{},"createdAt":"2018-06-13T16:07:07.222Z","modifiedAt":"2018-06-13T16:07:07.222Z"},"$$ref":"#/components/schemas/TunnelResourceObjectWithSecret"},"example":{"id":1122321,"uri":"/tunnels/1122321","name":"Site01Tunnel","siteOriginId":123456,"client":{"deviceType":"ASA","authentication":{"type":"PSK","parameters":{"id":"admin@2561066-237952254-umbrella.com","modifiedAt":"2018-06-13T16:07:07.222Z","secret":"This123Secret"}}},"transport":{"protocol":"IPSec"},"serviceType":"SIG","networkCIDRs":["123.111.222.25/24","111.222.39.1/32"],"meta":{},"createdAt":"2018-06-13T16:07:07.222Z","modifiedAt":"2018-06-13T16:07:07.222Z"}}}},"400":{"description":"Bad Request","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","minProperties":3,"required":["statusCode","error","txId"],"properties":{"statusCode":{"type":"integer","example":400,"description":"HTTP status code"},"error":{"type":"string","example":"Validation Error","description":"a brief description of the error"},"txId":{"type":"string","example":"86e189a6-0124-47d3-a32c-25ff3f07deaf","description":"a unique hex number that can be used for debugging"},"validationErrors":{"type":"object","properties":{"someProperty":{"type":"string","example":"must not be empty","description":"the name of the property failing validation."}}}}}}},"$$ref":"#/components/responses/BadRequest"},"401":{"description":"Unauthorized","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","minProperties":3,"required":["statusCode","error","txId"],"properties":{"statusCode":{"type":"integer","example":401,"description":"HTTP status code"},"error":{"type":"string","example":"Unauthorized","description":"A brief description of the error"},"txId":{"type":"string","example":"86e189a6-0124-47d3-a32c-25ff3f07deaf","description":"a unique hex number that can be used for debugging"}}}}},"$$ref":"#/components/responses/Unauthorized"},"403":{"description":"Forbidden","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","minProperties":1,"required":["message"],"properties":{"statusCode":{"type":"integer","example":403,"description":"HTTP status code"},"message":{"type":"string","example":"SIG is not enabled, please check with Cisco Support.\nYou have reached the maximum number of network tunnels for this organization.\nTo increase the limit, contact your administrator.\n","description":"Error message explaining the reason for failure"}}}}},"$$ref":"#/components/responses/Forbidden"},"404":{"description":"Not Found","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","minProperties":3,"required":["statusCode","error","txId"],"properties":{"statusCode":{"type":"integer","example":404,"description":"HTTP status code"},"error":{"type":"string","example":"Not Found","description":"A brief description of the error"},"txId":{"type":"string","example":"86e189a6-0124-47d3-a32c-25ff3f07deaf","description":"a unique hex number that can be used for debugging"}}}}},"$$ref":"#/components/responses/NotFound"},"500":{"description":"Internal Server Error","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","minProperties":3,"required":["statusCode","error","txId"],"properties":{"statusCode":{"type":"integer","example":500,"description":"HTTP status code"},"error":{"type":"string","example":"Internal Server Error","description":"a brief description of the error"},"txId":{"type":"string","example":"86e189a6-0124-47d3-a32c-25ff3f07deaf","description":"a unique hex number that can be used for debugging"}}}}},"$$ref":"#/components/responses/ServerError"}},"__originalOperationId":"addTunnel","method":"post","path":"/tunnels"}}