Identity Web API

The Identity Awareness Identity Web API is a flexible identity source that you can use for simple integration with 3rd party security and identity products, such as ForeScout CounterACT and Aruba Networks ClearPass. The Identity Web API identity source provides a flexible method for the creation of identities based on environment needs. With the Identity Web API, you can create and revoke identities, and query the Identity Awareness Software Blade regarding users, IP addresses, and computers.

The Identity Web API uses the REST protocol over HTTPS. The Identity Awareness Gateway authenticates and authorizes the users and computers with the information it gets from the Web API.

You can create associations for users and machines. Identity Awareness Gateway can calculate their group membership and Access Roles, or you can provide that information. The Web API is useful for:

Integration with 3rd security products. For example, you can apply a special restricted Access Role to quarantine an infected machine detected by a 3rd party security product.
Integration with other authentication systems.
Automation of administrative tasks related to Identity Awareness.

Identity Web API gets JSON requests over HTTPS. Each JSON request contains one Identity Web API command, or a bulk of commands. Each API command must include a shared secret that was pre-configured in SmartConsole.

The Identity Web API supports 3 commands:

Command	Description
`add-identity`	Associates an IP address to a user or a computer for a specified amount of time.
`delete-identity`	Revokes sessions that match one IP address or an IP range.
`show-identity`	Queries the identities related to an IP address, and other information the Identity Awareness blade saves about this IP address.