ASA Projects API

Get started

The Advanced Server Access (ASA) API is logically separate from the rest of the Okta APIs and uses a different API namespace:

https://app.scaleft.com/v1/

An Advanced Server Access (ASA) Project is a collection of ASA Servers and ASA Users that have access to those Servers through ASA Groups.

Explore the Projects API: (opens new window).

Projects API operations

The Projects API has the following operations:

List Projects for a Team
Create a Project
Fetch a Project
Delete a Project
Updates details of a specific Project
List Client Configuration Options for a Project
Add Client Configuration Options to a Project
Delete a Client Configuration Option from a Project
List Cloud Accounts in a Project
Add a Cloud Account to a Project
Remove a Cloud Account from a Project
List all the ASA Groups in a Project
Add an ASA Group to a Project
Retrieve ASA Group details for a single Project
Remove an ASA Group from a Project
Change the Project properties of an ASA Project Group
Fetch a Preauthorization
Create a Preauthorization
List the Preauthorizations for a Project
Update a Preauthorization
List Server Enrollment Tokens within a Project
Create a Server Enrollment Token for a Project
Fetch a Server Enrollment Token from a Project
Delete a Server Enrollment Token from a Project
List Server Users in a Project
Fetch Server User for a Project
List Servers in a Project
Add an Unmanaged Server to a Project
Fetch the details of a Server in a Project
Remove a Server from a Project
Update a Server on a Project

List Projects for a Team

GET https://app.scaleft.com/v1/teams/${team_name}/projects

Lists Projects for a Team

This endpoint requires one of the following roles: access_user, access_admin, authenticated_client, client, or reporting_user.

Request path parameters

Parameter	Type	Description
`team_name`	string	The name of your Team

Request query parameters

Parameter	Type	Description
`count`	number	(Optional) The number of objects per page
`descending`	boolean	(Optional) The object order
`offset`	string	(Optional) The UUID of the object used as an offset for pagination
`prev`	boolean	(Optional) The direction of paging
`self`	boolean	(Optional) If `true`, only lists the Projects that the ASA User making this request has been assigned.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`create_server_users`	boolean	(Optional) Whether to create Server Users for ASA Users in this Project. Defaults to `false`. If left `false`, the ASA User is responsible for ensuring that users that match the names of the Server Users in ASA exist on the server.
`deleted_at`	string	Time of deletion. `null` if not deleted.
`force_shared_ssh_users`	boolean	(Optional) If `true`, new Server Users will not be created for each ASA User in the Project. Instead they share a single standard user and a single admin user. Default is `false`.
`forward_traffic`	boolean	Whether to require that all traffic in the Project be forwarded through selected Gateways. Default is `false`. Warning: Requires a feature flag to be enabled.
`id`	string	The UUID of the Project
`name`	string	The name of the Project
`next_unix_gid`	number	(Optional) The GID to use when creating a new server user.
`next_unix_uid`	number	(Optional) The UID to use when creating a new server user.
`rdp_session_recording`	boolean	(Optional) Whether to enable remote desktop protocol (rdp) recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`require_preauth_for_creds`	boolean	(Optional) Whether to require preauthorization before an ASA User can retrieve credentials to sign in. Default is `false`.
`shared_admin_user_name`	string	(Optional) The name for a shared admin user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`shared_standard_user_name`	string	(Optional) The name for a shared standard user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`ssh_session_recording`	boolean	(Optional) Whether to enable ssh recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`team`	string	The ASA Team of the Project

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects

Response

{
	"list": [
		{
			"create_server_users": true,
			"deleted_at": "0001-01-01T00:00:00Z",
			"force_shared_ssh_users": false,
			"id": "47534a0d-ba28-4a8b-b427-3a9fb276c033",
			"name": "the-sound-and-the-fury",
			"next_unix_gid": 63001,
			"next_unix_uid": 60001,
			"require_preauth_for_creds": true,
			"shared_admin_user_name": null,
			"shared_standard_user_name": null,
			"team": "william-faulkner",
			"user_on_demand_period": null
		},
		{
			"create_server_users": true,
			"deleted_at": "0001-01-01T00:00:00Z",
			"force_shared_ssh_users": false,
			"id": "47534a0d-ba28-4a8b-b427-3a9fb276c033",
			"name": "the-sound-and-the-fury",
			"next_unix_gid": 63001,
			"next_unix_uid": 60001,
			"require_preauth_for_creds": true,
			"shared_admin_user_name": null,
			"shared_standard_user_name": null,
			"team": "william-faulkner",
			"user_on_demand_period": null
		}
	]
}

Create a Project

POST https://app.scaleft.com/v1/teams/${team_name}/projects

Creates a Project

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`create_server_users`	boolean	(Optional) Whether to create Server Users for ASA Users in this Project. Defaults to `false`. If left `false`, the ASA User is responsible for ensuring that users that match the names of the Server Users in ASA exist on the server.
`deleted_at`	string	Time of deletion. `null` if not deleted.
`force_shared_ssh_users`	boolean	(Optional) If `true`, new Server Users will not be created for each ASA User in the Project. Instead they share a single standard user and a single admin user. Default is `false`.
`forward_traffic`	boolean	Whether to require that all traffic in the Project be forwarded through selected Gateways. Default is `false`. Warning: Requires a feature flag to be enabled.
`id`	string	The UUID of the Project
`name`	string	The name of the Project
`next_unix_gid`	number	(Optional) The GID to use when creating a new server user.
`next_unix_uid`	number	(Optional) The UID to use when creating a new server user.
`rdp_session_recording`	boolean	(Optional) Whether to enable remote desktop protocol (rdp) recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`require_preauth_for_creds`	boolean	(Optional) Whether to require preauthorization before an ASA User can retrieve credentials to sign in. Default is `false`.
`shared_admin_user_name`	string	(Optional) The name for a shared admin user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`shared_standard_user_name`	string	(Optional) The name for a shared standard user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`ssh_session_recording`	boolean	(Optional) Whether to enable ssh recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`team`	string	The ASA Team of the Project

Response body

This endpoint returns an object with the following fields and a 201 code on a successful call.

Properties	Type	Description
`create_server_users`	boolean	(Optional) Whether to create Server Users for ASA Users in this Project. Defaults to `false`. If left `false`, the ASA User is responsible for ensuring that users that match the names of the Server Users in ASA exist on the server.
`deleted_at`	string	Time of deletion. `null` if not deleted.
`force_shared_ssh_users`	boolean	(Optional) If `true`, new Server Users will not be created for each ASA User in the Project. Instead they share a single standard user and a single admin user. Default is `false`.
`forward_traffic`	boolean	Whether to require that all traffic in the Project be forwarded through selected Gateways. Default is `false`. Warning: Requires a feature flag to be enabled.
`id`	string	The UUID of the Project
`name`	string	The name of the Project
`next_unix_gid`	number	(Optional) The GID to use when creating a new server user.
`next_unix_uid`	number	(Optional) The UID to use when creating a new server user.
`rdp_session_recording`	boolean	(Optional) Whether to enable remote desktop protocol (rdp) recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`require_preauth_for_creds`	boolean	(Optional) Whether to require preauthorization before an ASA User can retrieve credentials to sign in. Default is `false`.
`shared_admin_user_name`	string	(Optional) The name for a shared admin user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`shared_standard_user_name`	string	(Optional) The name for a shared standard user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`ssh_session_recording`	boolean	(Optional) Whether to enable ssh recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`team`	string	The ASA Team of the Project

Usage example

Request

curl -v -X POST \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"create_server_users": true,
	"deleted_at": null,
	"force_shared_ssh_users": false,
	"id": "",
	"name": "the-sound-and-the-fury",
	"next_unix_gid": null,
	"next_unix_uid": 0,
	"require_preauth_for_creds": true,
	"shared_admin_user_name": null,
	"shared_standard_user_name": null,
	"team": "william-faulkner",
	"user_on_demand_period": null
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects

Response

{
	"create_server_users": true,
	"deleted_at": "0001-01-01T00:00:00Z",
	"force_shared_ssh_users": false,
	"id": "47534a0d-ba28-4a8b-b427-3a9fb276c033",
	"name": "the-sound-and-the-fury",
	"next_unix_gid": 63001,
	"next_unix_uid": 60001,
	"require_preauth_for_creds": true,
	"shared_admin_user_name": null,
	"shared_standard_user_name": null,
	"team": "william-faulkner",
	"user_on_demand_period": null
}

Fetch a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}

Fetches details regarding a specific Project

This endpoint requires one of the following roles: access_user, access_admin, authenticated_client, client, or reporting_user.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`create_server_users`	boolean	(Optional) Whether to create Server Users for ASA Users in this Project. Defaults to `false`. If left `false`, the ASA User is responsible for ensuring that users that match the names of the Server Users in ASA exist on the server.
`force_shared_ssh_users`	boolean	(Optional) If `true`, new Server Users will not be created for each ASA User in the Project. Instead they share a single standard user and a single admin user. Default is `false`.
`forward_traffic`	boolean	Whether to require that all traffic in the Project be forwarded through selected Gateways. Default is `false`. Warning: Requires a feature flag to be enabled.
`id`	string	The UUID of the Project
`name`	string	The name of the Project
`next_unix_gid`	number	(Optional) The GID to use when creating a new server user.
`next_unix_uid`	number	(Optional) The UID to use when creating a new server user.
`rdp_session_recording`	boolean	(Optional) Whether to enable remote desktop protocol (rdp) recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`require_preauth_for_creds`	boolean	(Optional) Whether to require preauthorization before an ASA User can retrieve credentials to sign in. Default is `false`.
`shared_admin_user_name`	string	(Optional) The name for a shared admin user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`shared_standard_user_name`	string	(Optional) The name for a shared standard user on Servers in this Project. If `force_shared_ssh_users` is `true`, this must be provided.
`ssh_session_recording`	boolean	(Optional) Whether to enable ssh recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`team`	string	The ASA Team of the Project

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}

Response

{
	"create_server_users": true,
	"deleted_at": "0001-01-01T00:00:00Z",
	"force_shared_ssh_users": false,
	"id": "47534a0d-ba28-4a8b-b427-3a9fb276c033",
	"name": "the-sound-and-the-fury",
	"next_unix_gid": 63001,
	"next_unix_uid": 60001,
	"require_preauth_for_creds": true,
	"shared_admin_user_name": null,
	"shared_standard_user_name": null,
	"team": "william-faulkner",
	"user_on_demand_period": null
}

Delete a Project

DELETE https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}

Deletes a Project

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X DELETE \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}

Response

HTTP 204 No Content

Updates details of a specific Project

PUT https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`create_server_users`	boolean	(Optional) Whether to create Server Users for ASA Users in this Project. Defaults to `false`. If left `false`, the ASA User is responsible for ensuring that Users that match the Server User names in ASA exist on the server.
`forward_traffic`	boolean	Whether to require that all traffic in the Project be forwarded through selected Gateways. Default is `false`. Warning: Requires a feature flag to be enabled.
`next_unix_gid`	number	(Optional) The GID to use when creating a new server user.
`next_unix_uid`	number	(Optional) The UID to use when creating a new server user.
`rdp_session_recording`	boolean	Whether to enable remote desktop protocol (rdp) recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.
`require_preauth_for_creds`	boolean	(Optional) Whether to require preauthorization before an ASA User can retrieve credentials to sign in. Default is `false`.
`ssh_session_recording`	boolean	Whether to enable ssh recording on all Servers in this Project. Default is `false`. Warning: Requires a feature flag to be enabled.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X PUT \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"create_server_users": true,
	"next_unix_gid": 63011,
	"next_unix_uid": 60011,
	"require_preauth_for_creds": false,
	"user_on_demand_period": null
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}

Response

HTTP 204 No Content

List Client Configuration Options for a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/client_config_options

Lists Client Configuration Options for a Project. Use Client Configuration Options to automatically pass settings to any Client sign in to a server in this Project.

This endpoint requires one of the following roles: access_user, or access_admin.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`config_key`	string	The Client Configuration Option to change
`config_value`	object	The value to be applied to the Client configurations
`id`	string	(Optional) The UUID of the Client Configuration Option

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/client_config_options

Response

{
	"list": [
		{
			"config_key": "ssh.insecure_forward_agent",
			"config_value": "host",
			"id": "cdcc44bf-db85-4964-9517-91cc69e9086a"
		},
		{
			"config_key": "ssh.port_forward_method",
			"config_value": "netcat",
			"id": "9b72bfb7-3191-4098-8c1c-48513399cae9"
		}
	]
}

Add Client Configuration Options to a Project

POST https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/client_config_options

Adds Client Configuration Options to a Project

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`config_key`	string	The Client Configuration Option to change
`config_value`	object	The value to be applied to the Client configurations
`id`	string	(Optional) The UUID of the Client Configuration Option

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`config_key`	string	The Client Configuration Option to change
`config_value`	object	The value to be applied to the Client configurations
`id`	string	(Optional) The UUID of the Client Configuration Option

Usage example

Request

curl -v -X POST \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"config_key": "ssh.insecure_forward_agent",
	"config_value": "host",
	"id": ""
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/client_config_options

Response

{
	"config_key": "ssh.insecure_forward_agent",
	"config_value": "host",
	"id": "cdcc44bf-db85-4964-9517-91cc69e9086a"
}

Delete a Client Configuration Option from a Project

DELETE https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/client_config_options/${client_config_options_id}

Deletes Client Configuration Option from a Project

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`client_config_options_id`	string	The UUID of the Client Config Options
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X DELETE \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/client_config_options/${client_config_options_id}

Response

HTTP 204 No Content

List Cloud Accounts in a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/cloud_accounts

Lists Cloud Accounts in a Project

This endpoint requires one of the following roles: access_user, or reporting_user.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`account_id`	string	The provider-specific account ID
`description`	string	(optional) Human-readable description of the Cloud Account
`id`	string	UUID of the Cloud Account
`provider`	string	A Cloud provider: `aws` or `gce`

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/cloud_accounts

Response

{
	"list": [
		{
			"account_id": "123456789012",
			"description": "Dev AWS account",
			"id": "23a38ea4-fc9a-4805-8df7-59e63a7845fb",
			"provider": "aws"
		},
		{
			"account_id": "630225935076",
			"description": "Dev GCE account",
			"id": "1bb650df-6ac7-44aa-87db-c37fce8d5f43",
			"provider": "gce"
		}
	]
}

Add a Cloud Account to a Project

POST https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/cloud_accounts

Adds a Cloud Account to a Project, which allows servers created in that account to register with Okta Advanced Server Access without using a Server Enrollment Token. This is only possible on Cloud providers that expose cryptographically signed instance metadata, so currently only Amazon Web Services and Google Compute Engine are supported.

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`account_id`	string	The provider-specific account ID
`description`	string	(optional) Human-readable description of the Cloud Account
`id`	string	UUID of the Cloud Account
`provider`	string	A Cloud provider: `aws` or `gce`

Usage example

Request

curl -v -X POST \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/cloud_accounts

Response

{
	"account_id": "123456789012",
	"description": "Dev AWS account",
	"id": "23a38ea4-fc9a-4805-8df7-59e63a7845fb",
	"provider": "aws"
}

Remove a Cloud Account from a Project

DELETE https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/cloud_accounts/${cloud_account_id}

Removes a Cloud Account from a Project

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`cloud_account_id`	string	The UUID of the Cloud Account
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X DELETE \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/cloud_accounts/${cloud_account_id}

Response

HTTP 204 No Content

List all the ASA Groups in a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups

Lists all the ASA Groups in a Project

This endpoint requires one of the following roles: access_user, access_admin, or reporting_user.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`create_server_group`	boolean	True if you want `sftd` to create a corresponding local (unix or windows) group on the end server. Server Users are still created as long as `create_server_users` is set to `true` for the Project.
`deleted_at`	string	Time of deletion from the Project. `null` if not deleted.
`group`	string	The name of the ASA Group
`group_id`	string	The UUID that corresponds to the ASA Group
`id`	string	The UUID that corresponds to the ASA Project Group
`name`	string	The name of the ASA Group. A non-editable duplicate of `group`.
`removed_at`	string	Time of removal from the Project. `null` if not removed.
`server_access`	boolean	True if members of this ASA Group have access to the Project Servers
`server_admin`	boolean	True if members of this ASA Group have sudo permissions on the Project Servers
`server_group_name`	string	If `create_server_group` is `true`, the name of the server group
`servers_selector`	string	(Optional) Kubernetes-style selector for servers in a Project
`unix_gid`	number	If `create_server_group` is `true`, the GID of the server group created

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups

Response

{
	"list": [
		{
			"create_server_group": true,
			"deleted_at": null,
			"group": "compsons",
			"group_id": "3447e842-8755-4cd6-9da1-80fc929b3e04",
			"id": "",
			"name": "compsons",
			"profile_attributes": {
				"unix_gid": 63000,
				"unix_group_name": "sft_compsons",
				"windows_group_name": "sft_compsons"
			},
			"project": "the-sound-and-the-fury",
			"removed_at": null,
			"server_access": false,
			"server_admin": true,
			"server_group_name": null,
			"unix_gid": null
		}
	]
}

Add an ASA Group to a Project

POST https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups

Adds a pre-existing ASA Group to the Project, which enables server access with either User or admin permissions and the option to sync an ASA Group to the servers in the Project.

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`create_server_group`	boolean	True if you want `sftd` to create a corresponding local (unix or windows) group on the end server. Server Users are still created as long as `create_server_users` is set to `true` for the Project.
`deleted_at`	string	Time of deletion from the Project. `null` if not deleted.
`group`	string	The name of the ASA Group
`group_id`	string	The UUID that corresponds to the ASA Group
`id`	string	The UUID that corresponds to the ASA Project Group
`name`	string	The name of the ASA Group. A non-editable duplicate of `group`.
`removed_at`	string	Time of removal from the Project. `null` if not removed.
`server_access`	boolean	True if members of this ASA Group have access to the Project Servers
`server_admin`	boolean	True if members of this ASA Group have sudo permissions on the Project Servers
`server_group_name`	string	If `create_server_group` is `true`, the name of the server group
`servers_selector`	string	(Optional) Kubernetes-style selector for servers in a Project
`unix_gid`	number	If `create_server_group` is `true`, the GID of the server group created

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X POST \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"create_server_group": true,
	"deleted_at": null,
	"group": "compsons",
	"group_id": "",
	"id": "",
	"name": "compsons",
	"removed_at": null,
	"server_access": true,
	"server_admin": false,
	"server_group_name": null,
	"unix_gid": null
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups

Response

HTTP 204 No Content

Retrieve ASA Group details for a single Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups/${group_name}

Returns details for an ASA Group on a Project.

This endpoint requires one of the following roles: access_user, access_admin, or reporting_user.

Request path parameters

Parameter	Type	Description
`group_name`	string	The ASA Group name
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`create_server_group`	boolean	True if you want `sftd` to create a corresponding local (unix or windows) group on the end server. Server Users are still created as long as `create_server_users` is set to `true` for the Project.
`deleted_at`	string	Time of deletion from the Project. `null` if not deleted.
`group`	string	The name of the ASA Group
`group_id`	string	The UUID that corresponds to the ASA Group
`id`	string	The UUID that corresponds to the ASA Project Group
`name`	string	The name of the ASA Group. A non-editable duplicate of `group`.
`profile_attributes`	string	If `create_server_group` is `true`, the Attributes that will be synced to the server
`project`	string	The Project this Project Group belongs to.
`removed_at`	string	Time of removal from the project. `null` if not removed.
`server_access`	boolean	True if members of this ASA Group have access to the Project Servers
`server_admin`	boolean	True if members of this ASA Group have sudo permissions on the Project Servers
`server_group_name`	string	If `create_server_group` is `true`, the name of the server group
`servers_selector`	string	(Optional) Kubernetes-style selector for servers in a Project
`unix_gid`	number	If `create_server_group` is `true`, the GID of the server group created

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups/${group_name}

Response

{
	"create_server_group": true,
	"deleted_at": null,
	"group": "compsons",
	"group_id": "3447e842-8755-4cd6-9da1-80fc929b3e04",
	"id": "",
	"name": "compsons",
	"profile_attributes": {
		"unix_gid": 63000,
		"unix_group_name": "sft_compsons",
		"windows_group_name": "sft_compsons"
	},
	"project": "the-sound-and-the-fury",
	"removed_at": null,
	"server_access": false,
	"server_admin": true,
	"server_group_name": null,
	"unix_gid": null
}

Remove an ASA Group from a Project

DELETE https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups/${group_name}

Removes an ASA Group from a Project. This doesn't delete the ASA Group.

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`group_name`	string	The ASA Group name
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X DELETE \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups/${group_name}

Response

HTTP 204 No Content

Change the Project properties of an ASA Project Group

PUT https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups/${group_name}

Updates the Project-level details for an ASA Project Group

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`group_name`	string	The ASA Group name
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`create_server_group`	boolean	True if you want `sftd` to create a corresponding local (unix or windows) group on the end server. Server Users are still created as long as `create_server_users` is set to `true` for the Project.
`deleted_at`	string	Time of deletion from the Project. `null` if not deleted.
`group`	string	The name of the ASA Group
`group_id`	string	The UUID that corresponds to the ASA Group
`id`	string	The UUID that corresponds to the ASA Project Group
`name`	string	The name of the ASA Group. A non-editable duplicate of `group`.
`removed_at`	string	Time of removal from the Project. `null` if not removed.
`server_access`	boolean	True if members of this ASA Group have access to the Project Servers
`server_admin`	boolean	True if members of this ASA Group have sudo permissions on the Project Servers
`server_group_name`	string	If `create_server_group` is `true`, the name of the server group
`servers_selector`	string	(Optional) Kubernetes-style selector for servers in a Project
`unix_gid`	number	If `create_server_group` is `true`, the GID of the server group created

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X PUT \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"create_server_group": true,
	"deleted_at": null,
	"group": "compsons",
	"group_id": "",
	"id": "",
	"name": "compsons",
	"removed_at": null,
	"server_access": false,
	"server_admin": true,
	"server_group_name": null,
	"unix_gid": null
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/groups/${group_name}

Response

HTTP 204 No Content

Fetch a Preauthorization

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations

Fetches a Preauthorization. A Preauthorization is a time-limited grant for an ASA User to access resources in a specific Project.

This endpoint requires one of the following roles: access_admin, or preauthorization.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`disabled`	boolean	`true` if the Preauthorization is disabled
`expires_at`	string	The Preauthorization ceases to work after the `expires_at` date
`id`	string	The UUID of the Preauthorization
`projects`	array	The Projects that the Preauthorization is valid for
`servers`	array	The Servers that the Preauthorization is valid for
`user_name`	string	The username of the ASA User that the Preauthorization is for

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations

Response

{
	"disabled": false,
	"expires_at": "2020-07-28T18:30:00Z",
	"id": "566b0fa9-f3ef-4825-a390-16d1766764a0",
	"projects": [
		"the-sound-and-the-fury"
	],
	"servers": null,
	"user_name": "jason.compson"
}

Create a Preauthorization

POST https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations

Creates a Preauthorization.

This endpoint requires one of the following roles: access_admin, or preauthorization.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`disabled`	boolean	`true` if the Preauthorization is disabled
`expires_at`	string	The Preauthorization ceases to work after the `expires_at` date
`id`	string	The UUID of the Preauthorization
`projects`	array	The Projects that the Preauthorization is valid for
`servers`	array	The Servers that the Preauthorization is valid for
`user_name`	string	The username of the ASA User that the Preauthorization is for

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X POST \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"disabled": false,
	"expires_at": "2020-07-28T18:30:00Z",
	"id": "",
	"projects": [
		"the-sound-and-the-fury"
	],
	"servers": null,
	"user_name": "jason.compson"
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations

Response

HTTP 204 No Content

List the Preauthorizations for a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations/${authorization_id}

Lists the Preauthorizations for a Project

This endpoint requires one of the following roles: access_admin, or preauthorization.

Request path parameters

Parameter	Type	Description
`authorization_id`	string	The UUID of the Authorization
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

Parameter	Type	Description
`count`	number	(Optional) The number of objects per page
`descending`	boolean	(Optional) The object order
`include_expired`	boolean	(Optional) If `true`, includes expired preauthorizations
`offset`	string	(Optional) The UUID of the object used as an offset for pagination
`prev`	boolean	(Optional) The direction of paging
`project`	string	(Optional) If a value is provided, filters for the specified Project. This doesn`t apply if used against a Project-specific endpoint.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`disabled`	boolean	`true` if the Preauthorization is disabled
`expires_at`	string	The Preauthorization ceases to work after the `expires_at` date
`id`	string	The UUID of the Preauthorization
`projects`	array	The Projects that the Preauthorization is valid for
`servers`	array	The Servers that the Preauthorization is valid for
`user_name`	string	The username of the ASA User that the Preauthorization is for

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations/${authorization_id}

Response

{
	"list": [
		{
			"disabled": false,
			"expires_at": "2020-07-28T18:30:00Z",
			"id": "566b0fa9-f3ef-4825-a390-16d1766764a0",
			"projects": [
				"the-sound-and-the-fury"
			],
			"servers": null,
			"user_name": "jason.compson"
		}
	]
}

Update a Preauthorization

PUT https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations/${authorization_id}

This endpoint requires one of the following roles: access_admin, or preauthorization.

Request path parameters

Parameter	Type	Description
`authorization_id`	string	The UUID of the Authorization
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`disabled`	boolean	`true` if the Preauthorization is disabled
`expires_at`	string	The Preauthorization ceases to work after the `expires_at` date
`id`	string	The UUID of the Preauthorization
`projects`	array	The Projects that the Preauthorization is valid for
`servers`	array	The Servers that the Preauthorization is valid for
`user_name`	string	The username of the ASA User that the Preauthorization is for

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`disabled`	boolean	`true` if the Preauthorization is disabled
`expires_at`	string	The Preauthorization ceases to work after the `expires_at` date
`id`	string	The UUID of the Preauthorization
`projects`	array	The Projects that the Preauthorization is valid for
`servers`	array	The Servers that the Preauthorization is valid for
`user_name`	string	The username of the ASA User that the Preauthorization is for

Usage example

Request

curl -v -X PUT \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"disabled": true,
	"expires_at": "2020-07-28T18:30:00Z",
	"id": "",
	"projects": [
		"the-sound-and-the-fury"
	],
	"servers": null,
	"user_name": "jason.compson"
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/preauthorizations/${authorization_id}

Response

{
	"disabled": true,
	"expires_at": "2020-07-28T18:30:00Z",
	"id": "566b0fa9-f3ef-4825-a390-16d1766764a0",
	"projects": [
		"the-sound-and-the-fury"
	],
	"servers": null,
	"user_name": "jason.compson"
}

List Server Enrollment Tokens within a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens

Lists Server Enrollment Tokens within a Project

This endpoint requires one of the following roles: access_user, access_admin, or server_enrollment_token_viewer.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`created_by_user`	string	The ASA User that created this Server Enrollment Token
`description`	string	A human-readable description of why this Server Enrollment Token was created
`id`	string	The UUID that corresponds to the Server Enrollment Token
`issued_at`	string	Time of creation
`token`	object	A token used to enroll an ASA Server

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens

Response

{
   "list": [
    {
        "id": "b6519474-6ca2-4fac-bc81-b334d9a103cd",
        "token": "eyJzIjoiYjY1MTk0NzQtNmNhMi00ZmFjLWJjODEtYjMzNGQ5YTEwM2NkIiwidSI6Imh0dHBzOi8vZGV2LnN1ZG8ud3RmOjg0NDMifQ==",
        "created_by_user": "william.faulkner",
        "issued_at": "2020-10-02T06:54:46.910552Z",
        "description": "Test Server Enrollment Token"
    },
    {
        "id": "99fd1170-0053-4865-b09b-0e704cfbb8cb",
        "token": "eyJzIjoiOTlmZDExNzAtMDA1My00ODY1LWIwOWItMGU3MDRjZmJiOGNiIiwidSI6Imh0dHBzOi8vZGV2LnN1ZG8ud3RmOjg0NDMifQ==",
        "created_by_user": "william.faulkner",
        "issued_at": "2020-10-02T06:57:02.829784708Z",
        "description": "Test Server Enrollment Token Two"
    }
   ]
}

Create a Server Enrollment Token for a Project

POST https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens

Creates a Server Enrollment Token to be used with a Project. These tokens are used to enroll a Server in a specific Project.

This endpoint requires one of the following roles: access_user, access_admin, or server_enrollment_token_creator.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`created_by_user`	string	The ASA User that created this Server Enrollment Token
`description`	string	A human-readable description of why this Server Enrollment Token was created
`id`	string	The UUID that corresponds to the Server Enrollment Token
`issued_at`	string	Time of creation
`token`	object	A token used to enroll an ASA Server

Response body

This endpoint returns an object with the following fields and a 201 code on a successful call.

Properties	Type	Description
`created_by_user`	string	The ASA User that created this Server Enrollment Token
`description`	string	A human-readable description of why this Server Enrollment Token was created
`id`	string	The UUID that corresponds to the Server Enrollment Token
`issued_at`	string	Time of creation
`token`	object	A token used to enroll an ASA Server

Usage example

Request

curl -v -X POST \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens
--data '{
    "id": null,
    "token": null,
    "created_by_user": null,
    "issued_at": null,
    "description": "Test Server Enrollment Token"
}'

Response

{
    "id": "b6519474-6ca2-4fac-bc81-b334d9a103cd",
    "token": "eyJzIjoiYjY1MTk0NzQtNmNhMi00ZmFjLWJjODEtYjMzNGQ5YTEwM2NkIiwidSI6Imh0dHBzOi8vZGV2LnN1ZG8ud3RmOjg0NDMifQ==",
    "created_by_user": "william.faulkner",
    "issued_at": "2020-10-02T06:54:46.910552Z",
    "description": "Test Server Enrollment Token"
}

Fetch a Server Enrollment Token from a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens/${server_enrollment_token_id}

Fetches a Server Enrollment Token from a Project

This endpoint requires one of the following roles: access_user, access_admin, or server_enrollment_token_viewer.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`server_enrollment_token_id`	string	The UUID of the Server Enrollment Token
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`created_by_user`	string	The ASA User that created this Server Enrollment Token
`description`	string	A human-readable description of why this Server Enrollment Token was created
`id`	string	The UUID that corresponds to the Server Enrollment Token
`issued_at`	string	Time of creation
`token`	object	A token used to enroll an ASA Server

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens/${server_enrollment_token_id}

Response

{
    "id": "b6519474-6ca2-4fac-bc81-b334d9a103cd",
    "token": "eyJzIjoiYjY1MTk0NzQtNmNhMi00ZmFjLWJjODEtYjMzNGQ5YTEwM2NkIiwidSI6Imh0dHBzOi8vZGV2LnN1ZG8ud3RmOjg0NDMifQ==",
    "created_by_user": "william.faulkner",
    "issued_at": "2020-10-02T06:54:46.910552Z",
    "description": "Test Server Enrollment Token"
}

Delete a Server Enrollment Token from a Project

DELETE https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens/${server_enrollment_token_id}

Deletes a Server Enrollment Token from a Project

This endpoint requires the access_admin role.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`server_enrollment_token_id`	string	The UUID of the Server Enrollment Token
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X DELETE \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_enrollment_tokens/${server_enrollment_token_id}

Response

HTTP 204 No Content

List Server Users in a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_users

List all the Server Users in a Project. A Server User is a representation of a given ASA User that is created on an end server.

This endpoint requires one of the following roles: reporting_user, access_user, or access_admin.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`admin`	boolean	True if Server User has sudo permissions
`id`	string	UUID of Server User API object
`server_user_name`	string	The username that is used on Unix servers
`status`	string	Status of the Server User
`type`	string	Whether this is a Service or human user
`unix_gid`	number	Unix GID of the Server User
`unix_uid`	number	Unix UID of the Server User
`user_name`	string	The username of the corresponding ASA User
`windows_server_user_name`	string	The username that is used on Windows servers

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_users

Response

{
	"list": [
		{
			"admin": true,
			"id": "2bbed0a1-7f9a-4627-addd-4a9cfa0e0469",
			"server_user_name": "benjy",
			"status": "ACTIVE",
			"type": "human",
			"unix_gid": 63001,
			"unix_uid": 60001,
			"user_name": "benjycompson",
			"windows_server_user_name": "benjy"
		},
		{
			"admin": false,
			"id": "b38e7db4-506f-4bc4-884a-57461c3fc0ae",
			"server_user_name": "quentin",
			"status": "DELETED",
			"type": "human",
			"unix_gid": 63002,
			"unix_uid": 60002,
			"user_name": "quentincompson",
			"windows_server_user_name": "quentin"
		}
	]
}

Fetch Server User for a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_users/${user_name}

Fetches a specific Server User for a Project

This endpoint requires one of the following roles: access_user, access_admin, or reporting_user.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team
`user_name`	string	The relevant username

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`admin`	boolean	True if Server User has sudo permissions
`id`	string	UUID of Server User API object
`server_user_name`	string	The username that is used on Unix servers
`status`	string	Status of the Server User
`type`	string	Whether this is a Service or human user
`unix_gid`	number	Unix GID of the Server User
`unix_uid`	number	Unix UID of the Server User
`user_name`	string	The username of the corresponding ASA User
`windows_server_user_name`	string	The username that is used on Windows servers

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/server_users/${user_name}

Response

{
	"list": {
		"admin": true,
		"id": "2bbed0a1-7f9a-4627-addd-4a9cfa0e0469",
		"server_user_name": "benjy",
		"status": "ACTIVE",
		"type": "human",
		"unix_gid": 63001,
		"unix_uid": 60001,
		"user_name": "benjycompson",
		"windows_server_user_name": "benjy"
	}
}

List Servers in a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers

Lists the Servers enrolled in this Project

This endpoint requires one of the following roles: access_admin, server_admin, or access_user.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a list of objects with the following fields and a 200 code on a successful call.

Properties	Type	Description
`access_address`	string	The access address of the Server
`alt_names`	array	(Optional) Alternative names for the Server
`bastion`	string	Specifies the bastion host that Clients automatically use when connecting to this host
`canonical_name`	string	Specifies the name that Clients should use/see when connecting to this host. Overrides the name found with hostname.
`cloud_provider`	string	The cloud provider of the Server, if one exists
`deleted_at`	string	The time the Server was deleted from the Project
`hostname`	string	The hostname of the Server
`id`	string	The UUID corresponding to the Server
`instance_details`	object	Information that the cloud provider provides about the Server, if one exists
`labels`	object	(Optional) The labels for this server. This parameter is only available with the PolicySync feature, which is currently in EA.
`last_seen`	string	The last time that the Server made a request to the ASA platform
`managed`	boolean	True if the Server is managed by 'sftd'. Unmanaged Servers are used in configurations where users may have a bastion, for example, that they don't want/can't connect to through 'sftd'. With an Unmanaged Server record to represent this box, ASA knows that it exists and to use it as a bastion hop.
`os`	string	The particular OS of the Server, such as CentOS 6 or Debian 9.13
`os_type`	string	The OS family where the Server is running. Can be either Linux or Windows.
`project_name`	string	The Project that the Server belongs to
`registered_at`	string	The time that the Server was registered to the Project
`services`	array	The service that Clients use to connect to the Server. Can either be `ssh` or `rdp`.
`sftd_version`	string	The version of 'sftd' that the Server is running
`ssh_host_keys`	array	The host keys used to authenticate the Server
`state`	string	State of the Server: `ACTIVE` or `INACTIVE`
`team_name`	string	The name of the Team

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers

Response

{
	"list": [
		{
			"access_address": null,
			"alt_names": null,
			"bastion": null,
			"canonical_name": null,
			"cloud_provider": null,
			"deleted_at": "0001-01-01T00:00:00Z",
			"hostname": "harvard",
			"id": "0a49a1cf-c747-47a0-bb14-94b1edb9f3ee",
			"instance_details": null,
			"last_seen": "0001-01-01T00:00:00Z",
			"managed": true,
			"os": "Ubuntu 16.04",
			"os_type": "linux",
			"project_name": "the-sound-and-the-fury",
			"registered_at": "0001-01-01T00:00:00Z",
			"services": [
				"ssh"
			],
			"sftd_version": "1.44.4",
			"ssh_host_keys": null,
			"state": "INACTIVE",
			"team_name": "william-faulkner"
		},
		{
			"access_address": null,
			"alt_names": null,
			"bastion": null,
			"canonical_name": null,
			"cloud_provider": null,
			"deleted_at": "0001-01-01T00:00:00Z",
			"hostname": "jefferson",
			"id": "ac68cb70-e3eb-4239-b6de-73d3878dd97b",
			"instance_details": null,
			"last_seen": "0001-01-01T00:00:00Z",
			"managed": true,
			"os": "Ubuntu 16.04",
			"os_type": "linux",
			"project_name": "the-sound-and-the-fury",
			"registered_at": "0001-01-01T00:00:00Z",
			"services": [
				"ssh"
			],
			"sftd_version": "1.44.4",
			"ssh_host_keys": null,
			"state": "INACTIVE",
			"team_name": "william-faulkner"
		}
	]
}

Add an Unmanaged Server to a Project

POST https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers

Adds an unmanaged Server to a Project. Unmanaged Servers don't use Advanced Server Access for authentication, but still receive Client Configuration Options. Create an Unmanaged Server to control connection options such port and agent forwarding for your users without requiring sftd to manage the Server..

This endpoint requires one of the following roles: access_admin, or server_admin.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields.

Properties	Type	Description
`access_address`	string	The access address of the Server
`alt_names`	array	(Optional) Alternative names for the Server
`hostname`	string	The hostname of the Server

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`access_address`	string	The access address of the Server
`alt_names`	array	(Optional) Alternative names for the Server
`bastion`	string	Specifies the bastion host that Clients automatically use when connecting to this host
`canonical_name`	string	Specifies the name that Clients should use/see when connecting to this host. Overrides the name found with hostname.
`cloud_provider`	string	The cloud provider of the Server, if one exists
`deleted_at`	string	The time the Server was deleted from the Project
`hostname`	string	The hostname of the Server
`id`	string	The UUID corresponding to the Server
`instance_details`	object	Information that the cloud provider provides about the Server, if one exists
`labels`	object	(Optional) The labels for this server. This parameter is only available with the PolicySync feature, which is currently in EA
`last_seen`	string	The last time that the Server made a request to the ASA platform
`managed`	boolean	True if the Server is managed by 'sftd'. Unmanaged Servers are used in configurations where users may have a bastion, for example, that they don't want/can't connect to through 'sftd'. With an Unmanaged Server record to represent this box, ASA knows that it exists and to use it as a bastion hop.
`os`	string	The particular OS of the Server, such as CentOS 6 or Debian 9.13
`os_type`	string	The OS family where the Server is running. Can be either Linux or Windows.
`project_name`	string	The Project that the Server belongs to
`registered_at`	string	The time that the Server was registered to the Project
`services`	array	The service that Clients use to connect to the Server. Can either be `ssh` or `rdp`.
`sftd_version`	string	The version of 'sftd' that the Server is running
`ssh_host_keys`	array	The host keys used to authenticate the Server
`state`	string	State of the Server: `ACTIVE` or `INACTIVE`
`team_name`	string	The name of the Team

Usage example

Request

curl -v -X POST \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"access_address": "1.2.3.4",
	"alt_names": [
		"bastion"
	],
	"hostname": "bastion.dev.com"
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers

Response

{
	"access_address": null,
	"alt_names": null,
	"bastion": null,
	"canonical_name": null,
	"cloud_provider": null,
	"deleted_at": "0001-01-01T00:00:00Z",
	"hostname": "bastion.dev.com",
	"id": "190cfa4d-9075-40b0-b50f-33fa7a940ac4",
	"instance_details": null,
	"last_seen": "0001-01-01T00:00:00Z",
	"managed": false,
	"os": "",
	"os_type": null,
	"project_name": "the-sound-and-the-fury",
	"registered_at": "0001-01-01T00:00:00Z",
	"services": [],
	"sftd_version": null,
	"ssh_host_keys": null,
	"state": "ACTIVE",
	"team_name": "william-faulkner"
}

Fetch the details of a Server in a Project

GET https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers/${server_id}

Fetches the details of a Server in a Project

This endpoint requires one of the following roles: access_user, access_admin, or server_admin.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`server_id`	string	The UUID of the Server
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns an object with the following fields and a 200 code on a successful call.

Properties	Type	Description
`access_address`	string	The access address of the Server
`alt_names`	array	(Optional) Alternative names for the Server
`bastion`	string	Specifies the bastion host that Clients automatically use when connecting to this host
`canonical_name`	string	Specifies the name that Clients should use/see when connecting to this host. Overrides the name found with hostname.
`cloud_provider`	string	The cloud provider of the Server, if one exists
`deleted_at`	string	The time the Server was deleted from the Project
`hostname`	string	The hostname of the Server
`id`	string	The UUID corresponding to the Server
`instance_details`	object	Information that the cloud provider provides about the Server, if one exists
`labels`	object	(Optional) The labels for this server. Only available with the PolicySync feature, which is currently in EA
`last_seen`	string	The last time that the Server made a request to the ASA platform
`managed`	boolean	True if the Server is managed by 'sftd'. Unmanaged Servers are used in configurations where users may have a bastion, for example, that they don't want/can't connect to through 'sftd'. With an Unmanaged Server record to represent this box, ASA knows that it exists and to use it as a bastion hop.
`os`	string	The particular OS of the Server, such as CentOS 6 or Debian 9.13
`os_type`	string	The OS family where the Server is running. Can be either Linux or Windows.
`project_name`	string	The Project that the Server belongs to
`registered_at`	string	The time that the Server was registered to the Project
`services`	array	The service that Clients use to connect to the Server. Can either be `ssh` or `rdp`.
`sftd_version`	string	The version of 'sftd' that the Server is running
`ssh_host_keys`	array	The host keys used to authenticate the Server
`state`	string	State of the Server: `ACTIVE` or `INACTIVE`
`team_name`	string	The name of the Team

Usage example

Request

curl -v -X GET \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers/${server_id}

Response

{
	"access_address": null,
	"alt_names": null,
	"bastion": null,
	"canonical_name": null,
	"cloud_provider": null,
	"deleted_at": "0001-01-01T00:00:00Z",
	"hostname": "harvard",
	"id": "0a49a1cf-c747-47a0-bb14-94b1edb9f3ee",
	"instance_details": null,
	"last_seen": "0001-01-01T00:00:00Z",
	"managed": true,
	"os": "Ubuntu 16.04",
	"os_type": "linux",
	"project_name": "the-sound-and-the-fury",
	"registered_at": "0001-01-01T00:00:00Z",
	"services": [
		"ssh"
	],
	"sftd_version": "1.44.4",
	"ssh_host_keys": null,
	"state": "INACTIVE",
	"team_name": "william-faulkner"
}

Remove a Server from a Project

DELETE https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers/${server_id}

Removes a Server from a Project

This endpoint requires one of the following roles: access_admin, or server_admin.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`server_id`	string	The UUID of the Server
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint has no request body.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X DELETE \
-H "Authorization: Bearer ${jwt}" \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers/${server_id}

Response

HTTP 204 No Content

Update a Server on a Project

PUT https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers/${server_id}

Updates a Server on a Project. This endpoint is only available with the PolicySync feature, which is currently in EA.

This endpoint requires one of the following roles: access_admin, or server_admin.

Request path parameters

Parameter	Type	Description
`project_name`	string	The Project name
`server_id`	string	The UUID of the Server
`team_name`	string	The name of your Team

Request query parameters

This endpoint has no query parameters.

Request body

This endpoint requires an object with the following fields:

Properties	Type	Description
`labels`	object	(Optional) A map of key value pairs. These labels will overwrite all labels previously supplied through the API for this server. You can only update labels from other sources using that source. If you don't supply the prefix 'api.' , it is automatically prepended.

Response body

This endpoint returns a 204 No Content response on a successful call.

Usage example

Request

curl -v -X PUT \
-H "Authorization: Bearer ${jwt}" \
--data '{
	"labels": {
		"foo": "bar"
	}
}' \
https://app.scaleft.com/v1/teams/${team_name}/projects/${project_name}/servers/${server_id}

Response

HTTP 204 No Content

Edit This Page On GitHub

On This Page

ASA Projects API

Get started

Projects API operations

List Projects for a Team

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

Create a Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

Fetch a Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

Delete a Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

Updates details of a specific Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

List Client Configuration Options for a Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

Add Client Configuration Options to a Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

Delete a Client Configuration Option from a Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

List Cloud Accounts in a Project

Request path parameters

Request query parameters

Request body

Response body

Usage example

Request

Response

Add a Cloud Account to a Project

Request path parameters

Request query parameters

Request body