{"type":"model","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/83e8a10367d157243cd1c3e478b807cb81262a3d/28c42199-71bc-32ee-998e-c19bc5c8456e","info":{"title":"Cisco Secure Access Private Resources and Resource Groups API","description":"Manage the Private Resources and Resource Groups in the organization.","version":"1.0.1","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Resource Groups","description":"The Secure Access Private Resource Groups"},{"name":"Private Resources","description":"The Secure Access Private Resources"},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/policies/private-resources-overview.md","uri":"secure-access-api-reference-private-resources-overview"}},"openapi":"3.0.1","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"policies/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"tokenUrl":"https://api.sse.cisco.com/auth/v2/token","scopes":{"policies.privateresourcegroups:read":"Read the Private Resource Groups resources","policies.privateresourcegroups:write":"Write the Private Resource Groups resources","policies.privateresources:read":"Read the Private Resources resources","policies.privateresources:write":"Write the Private Resources resources"}}}}}},"spec":{"type":"object","description":"Create the Private Resource.","required":["name","accessTypes","resourceAddresses"],"properties":{"name":{"type":"string","description":"The name of the Private Resource that is unique across all resources in the organization.\nThe Resource name must not have any special characters other than spaces and hyphens.","maxLength":50,"pattern":"^[a-zA-Z0-9- ]+$","example":"Jira","$$ref":"#/components/schemas/privateResourceName"},"description":{"type":"string","description":"The description of the Private Resource.","maxLength":255,"example":"Jira App For My Org","$$ref":"#/components/schemas/descriptionPrivateResource"},"dnsServerId":{"type":"integer","description":"The unique identifier of the DNS server you use to resolve IP addresses.","example":98765,"$$ref":"#/components/schemas/dnsServerId"},"certificateId":{"type":"integer","description":"The ID of the certificate you use to decrypt traffic to the Private Resource.","example":456,"$$ref":"#/components/schemas/certificateId"},"accessTypes":{"type":"array","description":"The list of connection properties that describe how end users can access private resources in the organization.\nBrowser-based access requires that all resource addresses use the HTTP or HTTPS protocols.\nBranch access is always enabled for a private resource.","items":{"anyOf":[{"type":"object","description":"The connection to private resources is defined for the Cisco Secure Client.","properties":{"type":{"type":"string","description":"The type of the connection is Cisco Secure Client.","enum":["client"],"example":"client"},"reachableAddresses":{"type":"array","description":"The list of IP address, CIDRs, FQDN, or wildcard FQDN destinations.\nIPv6 is not supported. Only applies to resources you configure for client-based Zero Trust Access.","items":{"type":"string","description":"An IP or CIDR address, FQDN, or wildcard FQDN destination.","example":"172.6.0.0/32"},"example":["172.6.0.0/32"],"$$ref":"#/components/schemas/reachableAddresses"}},"required":["type","reachableAddresses"],"example":{"type":"client","reachableAddresses":["jira.com"]},"$$ref":"#/components/schemas/clientBasedAccess"},{"type":"object","description":"The connection to private resources that is defined for a network.","properties":{"type":{"type":"string","description":"The type of the connection is network.","enum":["network"],"example":"network"}},"required":["type"],"example":{"type":"network"},"$$ref":"#/components/schemas/networkBasedAccess"},{"type":"object","description":"The properties of the browser-based request.","properties":{"type":{"type":"string","description":"The type of the connection is a browser.","enum":["browser"],"example":"browser"},"protocol":{"type":"string","description":"The protocol that is used for the communication between the proxy and the Private Resource.\nThe protocol is only applicable for browser-based Zero Trust Network Access.","enum":["HTTPS","HTTP"],"example":"HTTPS","$$ref":"#/components/schemas/protocolProxyToResource"},"sni":{"type":"string","description":"The Server Name Indication (SNI) domain name.\nOnly applicable for browser-based Zero Trust Access and when you select the HTTPS protocol.\nThe SNI must be a valid domain.","example":"adomain.com","$$ref":"#/components/schemas/sni"},"sslVerificationEnabled":{"type":"boolean","description":"Specify whether to enable upstream SSL verification for the internally hosted URL by the customer.\nApplicable for browser-based Zero Trust Access only and when you select the HTTPS protocol.","default":true,"example":true,"$$ref":"#/components/schemas/sslVerificationEnabled"},"externalFQDNPrefix":{"type":"string","maxLength":50,"description":"The external fully qualified domain name (FQDN) prefix."}},"required":["type","protocol"],"example":{"type":"browser","protocol":"HTTPS"},"$$ref":"#/components/schemas/browserBasedAccessRequest"}]},"example":[{"type":"browser","externalFQDNPrefix":"jira","protocol":"HTTPS","sni":"xyz123.jira.com","sslVerificationEnabled":true},{"type":"client","reachableAddresses":["192.168.0.1","example.com"]},{"type":"network"}],"$$ref":"#/components/schemas/accessTypesRequest"},"resourceAddresses":{"type":"array","description":"The list of resource addresses for the Private Resources.","items":{"type":"object","description":"The destinations, protocols, and ports of the Private Resource's address.","required":["destinationAddr","protocolPorts"],"properties":{"destinationAddr":{"type":"array","description":"The list of IPv4 addresses, CIDRs, FQDNs, or wildcard FQDN destinations. IPv6 is not supported.","items":{"type":"string"},"example":["172.6.0.0/32"]},"protocolPorts":{"type":"array","description":"The list of protocols and ports for the IP address destinations. The protocols must be unique.","items":{"type":"object","description":"The protocol and port properties for the Private Resource's address.","properties":{"protocol":{"type":"string","description":"The protocol that you use to connect the user with the Private Resource.\nThe system only allows the TCP protocol for browser-based Zero Trust Access.","enum":["Any","TCP","UDP","HTTP/HTTPS","SSH","RDP-TCP"],"example":"Any","$$ref":"#/components/schemas/protocolClientToResource"},"ports":{"type":"string","description":"The port number or list of comma-separated port numbers that you can use to connect to the Private Resource.\nA port number must be within the range of `1-65535`.","example":"80,8080","$$ref":"#/components/schemas/ports"}}},"example":[{"protocol":"TCP","ports":"80,9000"}]}}},"example":[{"destinationAddr":["172.6.0.0/32","255.100.100.0/24","mydomain.com"],"protocolPorts":[{"protocol":"TCP","ports":"80,82"},{"protocol":"UDP","ports":"53"}]},{"destinationAddr":["example.com"],"protocolPorts":[{"protocol":"HTTP/HTTPS","ports":"80"}]}],"$$ref":"#/components/schemas/resourceAddresses"},"resourceGroupIds":{"type":"array","items":{"type":"integer","example":1,"description":"The ID of the Private Resource Group."},"description":"The list of IDs for the Private Resource Groups that include the Private Resource.","example":[1,19],"$$ref":"#/components/schemas/resourceGroupIds"}},"example":{"name":"Jira","description":"","dnsServerId":44589,"certificateId":123356,"accessTypes":[{"type":"browser","externalFQDNPrefix":"jira","protocol":"HTTPS","sni":"xyz123.jira.com","sslVerificationEnabled":true},{"type":"network"},{"type":"client","reachableAddresses":["192.168.0.1","example.com"]}],"resourceAddresses":[{"destinationAddr":["example.com","172.6.0.0/32"],"protocolPorts":[{"protocol":"HTTP/HTTPS","ports":"80"}]}],"resourceGroupIds":[123455,94275]},"$$ref":"#/components/schemas/privateResourceRequest","title":"privateResourceRequest"}}