API v2: Listeners
A listener determines the server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.
Data structures
ListenerModel
Parameter | Type | Required | Description |
---|---|---|---|
id | string | yes | Read-only object Identifier |
name | string | yes | Unique listener’s name |
blocked | boolean; default value false | yes | |
reason | string | if blocked == true | |
announcement | string | no | |
protocol | string {http, modbus, mysql, rdp, ssh, system, tcp, tds, telnet, tn3270, tn5250, vnc} | yes | Immutable |
ignore_case | boolean; default value false | If protocol == vnc || ssh | |
legacy_crypto | boolean; default value false | If protocol == ssh || http || rdp & tls_enabled == true | Enabling legacy cryptographic protocols and settings |
mode | string {bastion, gateway, proxy, transparent} | yes | |
listen_interface | string | If mode == gateway || transparent | Network interface for user connections |
listen_ip | string; default value 0.0.0.0 | If mode == bastion || proxy | IP address for user connections |
listen_port | number; value range from 1 to 60000 | If mode == bastion || proxy | Port number for user connections |
external_address | string | with external_port | Listener address to present in Access Gateway |
external_port | number; value range from 1 to 65535 | with external_address | Listener port to present in Access Gateway |
http_render | boolean; default value true | If protocol == http | Is graphical representation for HTTP(S) sessions enabled? |
rdp | ListenerRDPAttributes | If protocol == rdp | RDP protocol properties |
ssh | ListenerSSHAttributes | If protocol == ssh | SSH protocol properties |
tls | ListenerTLSAttributes | If protocol == http || rdp | TLS protocol properties |
created_at | datetime | Read-only | |
modified_at | datetime | Read-only | |
removed | boolean | Read-only | |
ListenerRDPAttributes
Parameter | Type | Required | Description |
---|---|---|---|
rdp_private_key | string | If protocol == rdp & tls_enabled == false | RDP private key |
rdp_public_key | string | If protocol == rdp & tls_enabled == false | RDP public key |
ListenerSSHAttributes
Parameter | Type | Required | Description |
---|---|---|---|
ssh_private_key | string | yes | SSH private key |
ssh_proxyjump | boolean; default value false | yes | Is SSH ProxyJump function enabled? |
ssh_public_key | string | yes | Read-only SSH public key |
ListenerTLSAttributes
Parameter | Type | Required | Description |
---|---|---|---|
tls_enabled | boolean; default value true | If protocol == http || rdp | Enabling the TLS protocol |
tls_private_key | string | If protocol == http || rdp & tls_enabled == true | TLS private key |
tls_certificate | string | If protocol == http || rdp & tls_enabled == true | TLS certificate |
Request for retrieving available attributes of the ListenerModel
Method | GET |
Path | /api/v2/objspec/listener |
AccountSafeListenerAssignmentModel
Parameter | Type | Required | Description |
---|---|---|---|
id | string | yes | Read-only object Identifier |
account_id | string | yes | Immutable. Expects unique safe_id and listener_id |
safe_id | string | yes | Immutable. Expects unique account_id and listener_id |
listener_id | string | no | Immutable. Expects unique account_id and safe_id |
valid_to | datetime | | |
created_at | datetime | Read-only | |
modified_at | datetime | Read-only | |
removed | boolean | Read-only | |
Request for retrieving available attributes of the AccountSafeListenerAssignmentModel
Method | GET |
Path | /api/v2/objspec/account_safe_listener |
ListenerGrantAssignmentModel
Parameter | Type | Required | Description |
---|---|---|---|
id | string | Read-only, protected object Identifier | |
to_user_id | string | yes | Immutable. Expects unique for_listener_id |
for_listener_id | string | yes | Immutable. Expects unique to_user_id |
to_user_name | string | Read-only, expensive to use | |
for_listener_name | string | Read-only, expensive to use | |
created_at | string | Read-only | |
modified_at | string | Read-only | |
removed | boolean | Read-only | |
Request for retrieving available attributes of the ListenerGrantAssignmentModel
Method | GET |
Path | /api/v2/objspec/listener_grant |
Allowed methods
GET | for reading data of an existing object; no request body is required |
POST | for creating an object; requires a request body, specified in JSON format, that contains the values for properties of the object that is about to be created |
PATCH | for modifying an existing object; requires a request body, specified in JSON format, that contains the values for properties of the object |
DELETE | for removing an existing object; no request body is required |
There is a list of URL parameters available for a specific method to be included within a path:
- fields - for including the object fields in the query,
- filter - narrows out the result with available additions:
  - in - include possible field values (separated with comma),
  - match - include a sequence of characters to be searched in field values,
  - eq - equal,
  - ne - not equal,
  - lt - less than,
  - le - less or equal,
  - gt - greater than,
  - ge - greater than or equal,
  - blocked - filter blocked objects,
  - !blocked - filter unblocked objects,
  - isempty() - filter objects with empty values in specified fields, only applies to arrays (e.g., server.isnull()),
- order,
- offset,
- limit,
- debug - for showing statistics, database errors, etc,
- total_count,
- reveal - to see objects: active, removed, or all for both removed and un-removed.
An example of a request that lists 10 users that have the role user, with their id and name specified, sorted alphabetically by name, and that shows the total count of users matching the given criteria:
GET https://<fudo_address>/api/v2/user?fields=id,name&filter=role.eq(user)&order=name&limit=10&total_count
Possible responses
Code | Status | |
---|---|---|
200 | success | OK |
201 | success | CREATED |
400 | failure | BAD REQUEST ; message examples: Unrecognized endpoint , Request body is not allowed for this endpoint |
401 | failure | UNAUTHORIZED |
404 | failure | BAD REQUEST ; message example: Object not found |
The next chapter describes procedures for creating separate requests.
Refer to the Batch operations topic to create nested requests for operating on the Listener objects.
Retrieving listeners list
Request
Method | GET |
Path | /api/v2/listener |
Example request
Sending GET https://10.0.0.0/api/v2/listener
Response
{
  "result": "success",
  "listener": [
    {
      "id": "1234138875067073217",
      "name": "rdp_list_fd_10647",
      "protocol": "rdp",
      "mode": "bastion",
      "listen_ip": "0.0.0.0",
      "listen_port": 3388,
      "blocked": false,
      "created_at": "2022-10-15 14:52:30.980597+02",
      "modified_at": "2022-10-15 14:52:30.980597+02",
      "legacy_crypto": false,
      "tls_enabled": true,
      "tls_certificate": "-----BEGIN CERTIFICATE-----\nMIIE0DCCArigAwIBAgIUSGWBY/C...0w/BXGR\n-----END CERTIFICATE-----"
    },
    {
      "id": "1234138875067073219",
      "name": "telnet_proxy_3",
      "protocol": "telnet",
      "mode": "proxy",
      "listen_ip": "0.0.0.0",
      "listen_port": 2236,
      "blocked": false,
      "created_at": "2022-10-17 09:34:32.582169+02",
      "modified_at": "2022-10-17 09:34:32.582169+02"
    },
    {
      "id": "12348875067073220",
      "name": "mssql_proxy",
      "protocol": "tds",
      "mode": "proxy",
      "listen_ip": "0.0.0.0",
      "listen_port": 8874,
      "blocked": false,
      "created_at": "2022-10-17 10:50:53.209773+02",
      "modified_at": "2022-10-17 10:50:53.209773+02"
    }
  ]
}
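A listener list in this shape can be reviewed for weak settings offline. The following is an added example, not part of the original documentation or the product's code: the function name and the sample data are constructed, and reading 0.0.0.0 as "all local addresses" is an assumption.

```python
import json

# Constructed sample in the shape of the GET /api/v2/listener response above;
# every id, name, address and port here is made up for the example.
SAMPLE_RESPONSE = json.dumps({"result": "success", "listener": [
    {"id": "1", "name": "rdp_legacy", "protocol": "rdp", "mode": "bastion",
     "listen_ip": "0.0.0.0", "listen_port": 3388, "blocked": False,
     "legacy_crypto": True, "tls_enabled": True},
    {"id": "2", "name": "rdp_no_tls", "protocol": "rdp", "mode": "proxy",
     "listen_ip": "10.0.2.15", "listen_port": 3389, "blocked": False,
     "legacy_crypto": False, "tls_enabled": False},
    {"id": "3", "name": "ssh_ok", "protocol": "ssh", "mode": "bastion",
     "listen_ip": "10.0.2.15", "listen_port": 2222, "blocked": False,
     "legacy_crypto": False},
    {"id": "4", "name": "telnet_any", "protocol": "telnet", "mode": "proxy",
     "listen_ip": "0.0.0.0", "listen_port": 2236, "blocked": True},
]})

LEGACY_CAPABLE = {"ssh", "http", "rdp"}   # protocols that carry legacy_crypto
TLS_CAPABLE = {"http", "rdp"}             # protocols that carry tls_enabled


def audit_listeners(response_text):
    """Return sorted (listener name, finding) pairs for a listener list."""
    body = json.loads(response_text)
    if body.get("result") != "success":
        raise ValueError("listener query did not succeed")
    findings = []
    for item in body.get("listener", []):
        name, proto = item.get("name", "?"), item.get("protocol")
        # legacy_crypto defaults to false, so a missing key is not a finding.
        if proto in LEGACY_CAPABLE and item.get("legacy_crypto", False):
            findings.append((name, "legacy_crypto enabled"))
        # tls_enabled defaults to true, so only an explicit false is reported.
        if proto in TLS_CAPABLE and item.get("tls_enabled", True) is False:
            findings.append((name, "tls disabled"))
        # Assumption: 0.0.0.0 means "all local addresses", as is conventional.
        if item.get("mode") in {"bastion", "proxy"} \
                and item.get("listen_ip", "0.0.0.0") == "0.0.0.0":
            state = "blocked" if item.get("blocked", False) else "active"
            findings.append((name, f"listens on 0.0.0.0 ({state})"))
    return sorted(findings)


if __name__ == "__main__":
    for listener_name, finding in audit_listeners(SAMPLE_RESPONSE):
        print(f"{listener_name}: {finding}")
```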
Creating a listener
Request
Method | POST |
Path | /api/v2/listener |
Headers | Content-Type: Application/JSON |
Body | ListenerModel |
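A pre-flight check of a ListenerModel body against the conditional Required column of the data structure table, as an added example that is not part of the original documentation or the product's code. The function names are hypothetical, and treating id, created_at, modified_at and removed as fields the client must not send is an assumption drawn from their Read-only marking; listen_ip is not enforced because the table gives it a default.

```python
PROTOCOLS = {"http", "modbus", "mysql", "rdp", "ssh", "system", "tcp",
             "tds", "telnet", "tn3270", "tn5250", "vnc"}
MODES = {"bastion", "gateway", "proxy", "transparent"}
# Assumption: fields marked Read-only are assigned by the server.
READ_ONLY = {"id", "created_at", "modified_at", "removed"}


def _port_ok(value, high):
    """True for an integer (not a bool) in the range 1..high."""
    return (isinstance(value, int) and not isinstance(value, bool)
            and 1 <= value <= high)


def validate_listener_body(body):
    """Return a list of problems found in a ListenerModel request body."""
    problems = []
    for field in sorted(body.keys() & READ_ONLY):
        problems.append(f"{field}: read-only, must not be sent")
    if not body.get("name"):
        problems.append("name: required")
    if body.get("protocol") not in PROTOCOLS:
        problems.append("protocol: required, must be a listed protocol")
    mode = body.get("mode")
    if mode not in MODES:
        problems.append("mode: required, must be a listed mode")
    if body.get("blocked", False) and not body.get("reason"):
        problems.append("reason: required when blocked is true")
    if mode in {"gateway", "transparent"} and not body.get("listen_interface"):
        problems.append("listen_interface: required in gateway/transparent mode")
    if mode in {"bastion", "proxy"} and not _port_ok(body.get("listen_port"), 60000):
        problems.append("listen_port: required in bastion/proxy mode, 1 to 60000")
    # external_address and external_port are only valid as a pair.
    if ("external_address" in body) != ("external_port" in body):
        problems.append("external_address/external_port: must be set together")
    if "external_port" in body and not _port_ok(body["external_port"], 65535):
        problems.append("external_port: must be 1 to 65535")
    return problems


if __name__ == "__main__":
    # Constructed request body with several deliberate mistakes.
    draft = {"id": "1", "name": "gw", "protocol": "rdp", "mode": "gateway",
             "blocked": True, "external_port": 70000}
    for problem in validate_listener_body(draft):
        print(problem)
```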
Modifying a listener
Request
Method | PATCH |
Path | /api/v2/listener/<id> |
Headers | Content-Type: Application/JSON |
Body | ListenerModel |
Example request: Changing the listener’s address
Sending PATCH https://10.0.0.0/api/v2/listener/12345678819172646915
{ "listen_ip": "10.0.2.0" }
Response
{ "result": "success" }
Granting management privileges
Request
Method | POST |
Path | /api/v2/grant/listener |
Body | { "to_user_id": 1234567890, "for_listener_id": 1234567891 } |
Creating an account-safe-listener assignment
Request
Method | POST |
Path | /api/v2/account/safe/listener |
Headers | Content-Type: Application/JSON |
Body | AccountSafeListenerAssignmentModel |
Example request
Sending POST https://10.0.0.0/api/v2/account/safe/listener
{ "account_id": 1232678819172646919,
"safe_id": 1232678819172646913,
"listener_id": 1232678819172646914 }
Response
{ "result": "success",
"account_safe_listener": {} }
Deleting an account-safe-listener assignment
Request
Method | DELETE |
Path | /api/v2/account/<account_id>/safe/<safe_id>/listener/<listener_id> |