rbacSecuredAPI - Crosswork Network Controller 7.1 APIs

{"type":"model","meta":{"id":"/apps/pubhub/media/crosswork-network-controller-7-1/e1ae91f25de62367ac175351487a12de3ae46a25/c92e7384-b2f4-3d3b-8e8e-03a9325b07bb","info":{"title":"Crosswork RBAC API - Version 1","description":"Crosswork Role-based Access Control APIs","contact":{"name":"Crosswork Team, Cisco","email":"support@cisco.com"},"license":{"name":"Cisco Software License Agreement","url":"http://www.cisco.com/public/sw-license-agreement.html"},"version":"1.0.0"},"security":[{"bearerAuth":[]}],"x-parser-conf":{"overview":{"markdownPath":"reference/INFRA/RBAC/rbac-v1-overview.md"}},"openapi":"3.0.1","servers":[{"url":"https://{cw_ip}:30603/crosswork/aaa/v1"}],"securitySchemes":{"bearerAuth":{"type":"apiKey","description":"Use a bearer token to authenticate requests. Include the token in the Authorization header with the prefix 'Bearer '.","name":"Authorization","in":"header"}}},"spec":{"title":"rbacSecuredAPI","type":"object","properties":{"name":{"type":"string","description":"A human-readable name for the API, typically used for display purposes."},"slug":{"type":"string","description":"A URL-friendly, unique identifier for the API, often used in paths."},"api_id":{"type":"string","description":"The unique programmatic identifier for this API within the system."},"org_id":{"type":"string","description":"The unique identifier of the organization to which this API belongs, supporting multi-tenancy."},"use_keyless":{"type":"boolean","description":"Indicates whether API access is allowed without an explicit key or token."},"use_oauth2":{"type":"boolean","description":"Indicates whether OAuth 2.0 authentication is enabled for this API."},"use_openid":{"type":"boolean","description":"Indicates whether OpenID Connect authentication is enabled for this API."},"openid_options":{"type":"object","description":"Configuration options specific to OpenID Connect authentication.","$$ref":"#/components/schemas/rbacOpenIDOptions"},"oauth_meta":{"type":"object","description":"Metadata and configuration specific to OAuth 2.0 authentication.","$$ref":"#/components/schemas/rbacOauth2Meta"},"auth":{"type":"object","description":"General authentication settings and configurations for the API.","$$ref":"#/components/schemas/rbacAuth"},"use_basic_auth":{"type":"boolean","description":"Indicates whether Basic Authentication (username/password) is enabled for this API.","format":"boolean"},"basic_auth":{"type":"object","description":"Configuration details for Basic Authentication, if enabled.","$$ref":"#/components/schemas/rbacBasicAuth"},"use_mutual_tls_auth":{"type":"boolean","description":"Indicates whether Mutual TLS authentication is enabled, requiring clients to present a certificate.","format":"boolean"},"client_certificates":{"type":"array","description":"A list of client certificate IDs or hashes permitted for TLS authentication.","items":{"type":"string"}},"upstream_certificates":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of trusted upstream certificates for secure communication with backend services."},"pinned_public_keys":{"type":"object","additionalProperties":{"type":"string"},"description":"A map of public keys (e.g., hash to PEM-encoded key string) that are pinned for TLS communication, enforcing trust."},"enable_jwt":{"type":"boolean","description":"Indicates whether JSON Web Token (JWT) authentication is enabled for this API.","format":"boolean"},"use_standard_auth":{"type":"boolean","description":"Indicates whether standard authentication methods are in use for this API.","format":"boolean"},"enable_coprocess_auth":{"type":"boolean","description":"Indicates whether co-process (external) authentication is enabled for this API.","format":"boolean"},"jwt_signing_method":{"type":"string","description":"The cryptographic algorithm used for signing JWTs (e.g., 'HS256', 'RS256')."},"jwt_identit_base_field":{"type":"string","description":"The JWT claim field used as the base for identifying the user or client."},"jwt_client_base_field":{"type":"string","description":"The JWT claim field used as the base for identifying the client application."},"jwt_policy_field_name":{"type":"string","description":"The JWT claim field that contains policy or role information for authorization."},"jwt_issued_at_validation_skew":{"type":"string","description":"The allowed clock skew (in seconds) when validating the 'Issued At' (iat) claim in a JWT.","format":"uint64"},"jwt_expires_at_validation_skew":{"type":"string","description":"The allowed clock skew (in seconds) when validating the 'Expires At' (exp) claim in a JWT.","format":"uint64"},"jwt_not_before_validation_skew":{"type":"string","description":"The allowed clock skew (in seconds) when validating the 'Not Before' (nbf) claim in a JWT.","format":"uint64"},"jwt_skip_kid":{"type":"boolean","description":"Indicates whether to skip validation of the 'Key ID' (kid) header in JWTs.","format":"boolean"},"notifications":{"type":"object","description":"Configuration for sending notifications related to API events or policies.","$$ref":"#/components/schemas/rbacNotificationsManager"},"enable_signature_checking":{"type":"boolean","description":"Indicates whether signature checking is enabled for incoming requests (e.g., for HMAC-signed requests).","format":"boolean"},"hmac_allowed_clock_skew":{"type":"number","description":"The allowed time difference (in seconds) between the client and server clocks for HMAC signature validation.","format":"double"},"base_identity_provided_by":{"type":"string","$$ref":"#/components/schemas/rbacAuthTypeEnum"},"definition":{"type":"object","description":"Defines how different versions of the API are handled and routed.","$$ref":"#/components/schemas/rbacVersionDefinition"},"version_data":{"type":"object","description":"Contains metadata and settings related to API versioning.","$$ref":"#/components/schemas/rbacVersionData"},"uptime_tests":{"type":"object","description":"Configuration for automated uptime and health checks for the API's backend services.","$$ref":"#/components/schemas/rbacUptimeTests"},"proxy":{"type":"object","description":"Settings for how the API gateway proxies requests to the actual backend service.","$$ref":"#/components/schemas/rbacProxy"},"disable_rate_limit":{"type":"boolean","description":"If true, rate limiting is completely disabled for this API, overriding any role-based limits.","format":"boolean"},"disable_quota":{"type":"boolean","description":"If true, quota management is completely disabled for this API, overriding any role-based quotas.","format":"boolean"},"custom_middleware":{"type":"object","description":"Configuration for custom middleware functions applied to this API's request/response flow.","$$ref":"#/components/schemas/rbacMiddlewareSection"},"custom_middleware_bundle":{"type":"string","description":"The identifier or name of a custom middleware bundle applied to this API."},"cache_options":{"type":"object","description":"Configuration options for API caching.","$$ref":"#/components/schemas/rbacCacheOptions"},"session_lifetime":{"type":"string","description":"The duration (in seconds) for which user sessions for this API remain valid.","format":"int64"},"active":{"type":"boolean","description":"Indicates whether the API is currently active and accepting requests.","format":"boolean"},"auth_provider":{"type":"object","description":"Metadata and configuration for the authentication provider used by this API.","$$ref":"#/components/schemas/rbacAuthProviderMeta"},"session_provider":{"type":"object","description":"Metadata and configuration for the session management provider used by this API.","$$ref":"#/components/schemas/rbacSessionProviderMeta"},"event_handlers":{"type":"object","description":"Configuration for custom event handlers triggered by API interactions.","$$ref":"#/components/schemas/rbacEventHandlerMetaConfig"},"enable_batch_request_support":{"type":"boolean","description":"Indicates whether the API supports processing multiple requests in a single batch.","format":"boolean"},"enable_ip_trustlist":{"type":"boolean","description":"Indicates whether IP trustlisting (whitelist) is enabled for this API.","format":"boolean"},"allowed_ips":{"type":"array","description":"A list of IP addresses or CIDR ranges that are explicitly allowed to access this API when IP trustlisting is enabled.","items":{"type":"string"}},"enable_ip_denylist":{"type":"boolean","description":"Indicates whether IP denylisting (blacklist) is enabled for this API.","format":"boolean"},"blocked_ips":{"type":"array","description":"A list of IP addresses or CIDR ranges that are explicitly blocked from accessing this API when IP denylisting is enabled.","items":{"type":"string"}},"dont_set_quota_on_create":{"type":"boolean","description":"If true, the system will not set a default quota when a new API entry is created.","format":"boolean"},"expire_analytics_after":{"type":"string","description":"The duration (in seconds) after which analytics data for this API should be purged or archived.","format":"int64"},"response_processors":{"type":"array","items":{"type":"object","description":"A list of configurations for processing and transforming API responses before sending them to the client.","$$ref":"#/components/schemas/rbacResponseProcessor"}},"CORS":{"type":"object","description":"Cross-Origin Resource Sharing (CORS) settings for this API, controlling cross-domain requests.","$$ref":"#/components/schemas/rbacCORS"},"domain":{"type":"string","description":"The specific domain name associated with this API (e.g., for virtual hosting)."},"do_not_track":{"type":"boolean","description":"If true, analytics and tracking for this API are disabled.","format":"boolean"},"tags":{"type":"array","description":"A list of arbitrary string tags used for categorization, searching, or grouping of APIs.","items":{"type":"string"}},"enable_context_vars":{"type":"boolean","description":"Indicates whether dynamic context variables are enabled for use in this API's configuration.","format":"boolean"},"config_data":{"type":"object","additionalProperties":{"type":"object","description":"Additional, free-form configuration data for the API, allowing for flexible extensions.","$$ref":"#/components/schemas/rbacobject"}},"tag_headers":{"type":"array","description":"A list of HTTP header names whose values should be treated as tags for analytics or routing purposes.","items":{"type":"string"}},"global_rate_limit":{"type":"object","description":"Overrides or defines a global rate limit specifically for this API, independent of role-based limits.","$$ref":"#/components/schemas/rbacGlobalRateLimit"},"strip_auth_data":{"type":"boolean","description":"If true, authentication-related headers or data will be stripped from the request before forwarding to the upstream service.","format":"boolean"}},"$$ref":"#/components/schemas/rbacSecuredAPI"}}