Managing users and groups via REST APIs
Forcepoint ONE SSE' Configuration REST API supports creating users and groups programmatically for integration into external user management, governance, or scripted solutions.
For authorizing users, you need to setup OAuth.
API Calls
Each API call requires the following:
- Method = HTTP POST or HTTP GETNote: Use HTTP POST to create or update a group or a user and use HTTP GET to view details of a group or a user.
- URI Params define the type of operation and action to perform
- HTTP body as JSON
URL
https://portal.bitglass.com/api/bitglassapi/config/v1.1/
Response Codes
| Response Code | Message | Notes | Groups | User |
|---|---|---|---|---|
| 200 | Request was successful | X | X | |
| 400 | Required parameters missing | Required parameters to create/delete a user are missing | X | |
| 400 | Invalid type: <type>. Supported types are: user, group | Invalid value for type | X | X |
| 400 |
Invalid action: <action>. Supported action for users are: createupdate, deactivate, reactivate, addtogroup & removefromgroup Supported action for groups are: createupdate, delete, addmembers & removemembers |
Invalid value for action | X | X |
| 400 | Company email needs to be in your company's domain | If the company email domain is not in the company domain | X | |
| 400 | Invalid mobile number. Make sure that the mobile number should not contain country code. | If the mobile number is sent with country code. | X | |
| 400 | Invalid country code: <countrycode>. Make sure that it is a valid country code. | If the country code does not exist in the countries list. | X | |
| 400 | Invalid mobile number and country code. | If the mobile number and the country code are invalid. | X | |
| 400 | Mobile number needs to be accompanied by the country code. | If mobile number is included in the request but country code is blank | X | |
| 400 | User <user email> is already deactivated | If an already deactivated user is deactivated. | X | |
| 400 | Invalid admin role: <adminrole> | Admin role in the request does not exist. | X | |
| 400 | Group name: <groupname> does not exist. | If the group to which users are being added does not exist | X | |
| 400 | Invalid group name: <groupname>. Make sure that the group you are trying to rename is valid. | If the group to be renamed does not exist. | X | |
| 400 | Invalid action. Admin cannot be deactivated. | If the admin is the only user in the company he/she cannot be deactivated. | X | |
| 400 | Unable to remove yourself as a Forcepoint ONE SSE administrator | If the admin tries to remove his/her admin role from his assigned roles. | X | |
| 401 | Authorization required | Authorization header missing | X | X |
| 401 | Invalid credentials | User does not exist or invalid password | X | X |
| 401 | Basic auth required | Authorization is not basic | X | X |
| 403 | Unauthorized | User is not a sysadmin or API livesetting is not enabled for the company | X | X |
| 503 | Temporarily unavailable | X | X |