Tetrate Service Bridge API (1.6.x)

Download OpenAPI specification:Download

URL: https://www.tetrate.io/tetrate-service-bridge/

Tetrate Service Bridge API.

OAuth

OIDC

Callback endpoint for OAuth2 Authorization Code grant flows as part of the OIDC spec.

query Parameters

code	string OAuth2 Authorization Code. When present this indicates the user authorized the request. TSB will use this code to acquire a token from the OIDC token endpoint and complete the login flow.
error	string OAuth2 Error Code. When present this indicates that either the authorization request has an error, the OIDC provider encountered an error or the user failed to log in. When set TSB will display information to the user indicating what went wrong. Standard error codes can be found found here. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#AuthError
state required	string The state parameter sent to the OIDC provider on the authorization request.
errorDescription	string Optional error description sent by the OIDC provider when an error occurs.
errorUri	string Optional error URI of a web page that includes additional information about the error.

Responses

Response samples

200
default

Content type

application/json

{ }

Login endpoint to start an OIDC Authentication flow.

query Parameters

redirectUri

string

URl where the user will be redirected when the authentication flow completes.

Responses

Response samples

200
default

Content type

application/json

{ }

Applications

List all existing applications for the given tenant.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Responses

Response samples

200
default

Content type

application/json

{"applications": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}
]
}

Creates a new Application in TSB.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

required	object (v2Application) An Application represents a set of logical groupings of services that are related to each other and expose a set of APIs that implement a complete set of business logic.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"application": {"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
]
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Get the details of an existing application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Modify an existing application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
gatewayGroup	string Optional FQN of the Gateway Group to be used by the application. If configured, this gateway group will be used by the application. If no namespaces are configured and no existing gateway group is set, a new gateway group claiming all namespaces in the workspace (`/`) will be created by default. All Ingress Gateway resources created for the APIs attached to the application will be created in the application's gateway group.
	object (`NamespaceSelector` selects a set of namespaces across one or more clusters in a tenant. Namespace selectors can be used at Workspace level to carve out a chunk of resources under a tenant into an isolated configuration domain. They can be used in a Traffic, Security, or a Gateway group to further scope the set of namespaces that will belong to a specific configuration group. Names in namespaces selector must be in the form `cluster/namespace` where: - cluster must be a cluster name or an `` to mean all clusters - namespace must be a namespace name, an `` to mean all namespaces or a prefix like `ns-*` to mean all those namespaces starting by `ns-`)
services	Array of strings Optional list of services that are part of the application. This is a list of FQNs of services in the service registry. If omitted, the application is assumed to own all the services in the workspace. Note that a service can only be part of one application. If any of the services in the list is already in use by an existing application, application creation/modification will fail. If the list of services is not explicitly set and any service in the workspace is already in use by by another application, application creation/modification will fail.
workspace required	string FQN of the workspace this application is part of. The application will configure IngressGateways for the attached APIs in the different namespaces exposed by this workspace.

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"displayName": "string",
"etag": "string",
"gatewayGroup": "string",
"namespaceSelector": {"names": ["string"
]
},
"services": ["string"
],
"workspace": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Delete an existing Application. Note that deleting resources in TSB is a recursive operation. Deleting a application will delete all API objects that exist in it.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{ }

List all APIs attached to the given application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{"apis": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"servers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": null,
"headers": { }
}
],
"modify": {"rewrite": {"uri": null,
"authority": null
},
"headers": {"request": null,
"response": null
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [null
],
"limit": {"requestsPerUnit": null,
"unit": null
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [null
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"endpoints": [{"path": "string",
"methods": ["string"
],
"hostnames": ["string"
],
"service": "string"
}
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}
]
}

Attach a new API to the given application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

required	object (v2API) An API configuring a set of servers and endpoints that expose the Application business logic.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"api": {"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
}
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"servers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"endpoints": [{"path": "string",
"methods": ["string"
],
"hostnames": ["string"
],
"service": "string"
}
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Get the details of an API.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"servers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"endpoints": [{"path": "string",
"methods": ["string"
],
"hostnames": ["string"
],
"service": "string"
}
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Delete an existing API.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Responses

Response samples

200
default

Content type

application/json

{ }

WasmExtensions

List the WASM extensions that are defined for the Organization.

path Parameters

organization

required

string

Organization name.

Responses

Response samples

200
default

Content type

application/json

{"extensions": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}
]
}

Creates a new WasmExtension object in TSB. This is needed to let the extensions run. Once a WasmExtension has been created, it can be assigned to IngressGateway and SecuritySetting. This method returns the created extension.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

name required	string The short name for the resource to be created.
required	object (v2WasmExtension)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"wasmExtension": {"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Get a WASM extension

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Modify an existing WasmExtension. When modifying the details of an extension in use, such as the image property, enabled flag, phase, or default configuration, a redeploy or reconfiguration of the extension may be triggered, affecting live traffic in all those places that reference the extension. Similarly, changes to the allowed_in property may trigger the removal of the extension from all places where the extension was in use that are not allowed to use it anymore, affecting live traffic on the relevant namespaces as well.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

allowedIn	Array of strings List of fqns where this extension is allowed to run. If it is empty, the extension can be used across the entire organization. Currently only Tenant resources are considered.
config	object Configuration parameters sent to the WASM plugin execution The configuration can be overwritten when instantiating the extensions in IngressGateways or Security groups. The config is serialized using proto3 JSON marshaling and passed to proxy_on_configure when the host environment starts the plugin.
description	string (A description of the extension. $hide_from_yaml)
displayName	string (User friendly name for the extension. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
image required	string Repository and tag of the OCI image containing the WASM extension.
imagePullPolicy	string (WasmExtensionPullPolicy) Default: "UNSPECIFIED_POLICY" Enum: "UNSPECIFIED_POLICY" "IfNotPresent" "Always" The pull behaviour to be applied when fetching a WASM module, mirroring K8s behaviour. UNSPECIFIED_POLICY: Defaults to IfNotPresent, except for OCI images with tag `latest`, for which the default will be Always. IfNotPresent: If an existing version of the image has been pulled before, that will be used. If no version of the image is present locally, we will pull the latest version. Always: We will always pull the latest version of an image when changing this plugin. Note that the change includes `metadata` field as well.
imagePullSecret	string Credentials to use for OCI image pulling. Name of a K8s Secret in the same namespace as the `WasmPlugin` that contains a docker pull secret which is to be used to authenticate against the registry when pulling the image.
phase	string (Plugin phases following Istio definition: https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/#PluginPhase) Default: "UNSPECIFIED_PHASE" Enum: "UNSPECIFIED_PHASE" "AUTHN" "AUTHZ" "STATS" UNSPECIFIED_PHASE: Control plane decides where to insert the plugin. This will generally be at the end of the filter chain, right before the Router. Do not specify PluginPhase if the plugin is independent of others. AUTHN: Insert plugin before Istio authentication filters. AUTHZ: Insert plugin before Istio authorization filters and after Istio authentication filters. STATS: Insert plugin before Istio stats filters and after Istio authorization filters.
priority	integer <int32> Determines the ordering of WasmExtensions in the same phase. When multiple WasmExtensions are applied to the same workload in the same phase, they will be applied by priority, in descending order. If no priority is assigned it will use the default 0 value. In case of several extensions having the same priority in the same phase, the fqn will be used to sort them.
source	string (Source to find the code for the WASM extension)
	object (v2VmConfig) Configuration for a Wasm VM. more details can be found here.

Responses

Request samples

Payload

Content type

application/json

{"allowedIn": ["string"
],
"config": { },
"description": "string",
"displayName": "string",
"etag": "string",
"image": "string",
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"source": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Delete a WasmExtension. Note that deleting a WasmExtension will delete the extension itself, and also its assignments to IngressGateway and SecuritySetting.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Responses

Response samples

200
default

Content type

application/json

{ }

Gateway

List all gateway groups that exist in the workspace.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Responses

Response samples

200
default

Content type

application/json

{"groups": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}
]
}

Create a new gateway group in the given workspace.

Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

required	object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"group": {"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

Get the details of the given gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

update the given gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

configMode	string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group. BRIDGED: Indicates that the configurations to be added to the group will use macro APIs that automatically generate Istio APIs under the hood. DIRECT: Indicates that the configurations to be added to the group will directly use Istio APIs.
description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
required	object (`NamespaceSelector` selects a set of namespaces across one or more clusters in a tenant. Namespace selectors can be used at Workspace level to carve out a chunk of resources under a tenant into an isolated configuration domain. They can be used in a Traffic, Security, or a Gateway group to further scope the set of namespaces that will belong to a specific configuration group. Names in namespaces selector must be in the form `cluster/namespace` where: - cluster must be a cluster name or an `` to mean all clusters - namespace must be a namespace name, an `` to mean all namespaces or a prefix like `ns-*` to mean all those namespaces starting by `ns-`)

Responses

Request samples

Payload

Content type

application/json

{"configMode": "BRIDGED",
"description": "string",
"displayName": "string",
"etag": "string",
"namespaceSelector": {"names": ["string"
]
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

Delete the given gateway group. Note that deleting resources in TSB is a recursive operation. Deleting a gateway group will delete all configuration objects that exist in it.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{ }

List all Egress Gateway objects in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"egressGateways": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": null,
"privateKey": null,
"caCertificates": null
},
"subjectAltNames": [null
]
}
},
"local": {"rules": [{"name": null,
"from": [ ],
"to": [ ]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": null
},
"to": {"fqn": null
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": null
},
"to": {"fqn": null
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}
]
}

Create an Egress Gateway object in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

required	object (v2EgressGateway) `EgressGateway` configures a workload to act as an egress gateway in the mesh. -->
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"egressGateway": {"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}

Get the details of the given Egress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}

Modify the given Egress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

	Array of objects (EgressAuthorization is used to dictate which service accounts can access a set of external hosts) The description of which service accounts can access which hosts. If the list of authorization rules is empty, this egress gateway will deny all traffic.
description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this EgressGateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions.
required	object (v2WorkloadSelector) `WorkloadSelector` selects one or more workloads in a namespace. `WorkloadSelector` can be used in TrafficSetting, SecuritySetting, and Gateway APIs in `BRIDGED` mode to scope the configuration to a specific set of workloads.

Responses

Request samples

Payload

Content type

application/json

{"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"description": "string",
"displayName": "string",
"etag": "string",
"extension": [{"fqn": "string",
"config": { }
}
],
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}

Delete the given Egress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Responses

Response samples

200
default

Content type

application/json

{ }

List all Ingress Gateway objects in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"ingressGateways": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": null,
"headers": { }
}
],
"modify": {"rewrite": {"uri": null,
"authority": null
},
"headers": {"request": null,
"response": null
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [null
],
"limit": {"requestsPerUnit": null,
"unit": null
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [null
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}
]
}

Create an Ingress Gateway object in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

required	object (v2IngressGateway) `IngressGateway` configures a workload to act as an ingress gateway into the mesh.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"ingressGateway": {"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": null,
"prefix": null,
"regex": null
},
"headers": {"property1": null,
"property2": null
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": { },
"add": { },
"remove": [ ]
},
"response": {"set": { },
"add": { },
"remove": [ ]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": null,
"header": null
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": null,
"destinationCluster": null,
"remoteAddress": null,
"requestHeaders": null,
"headerValueMatch": null
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}

Get the details of the given Ingress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"rou

Tetrate Service Bridge API (1.6.x)

OAuth

OIDC

Callback endpoint for OAuth2 Authorization Code grant flows as part of the OIDC spec.

query Parameters

Responses

Response samples

Login endpoint to start an OIDC Authentication flow.

query Parameters

Responses

Response samples

Applications

List all existing applications for the given tenant.

path Parameters

Responses

Response samples

Creates a new Application in TSB.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get the details of an existing application.

path Parameters

Responses

Response samples

Modify an existing application.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Delete an existing Application. Note that deleting resources in TSB is a recursive operation. Deleting a application will delete all API objects that exist in it.

path Parameters

Responses

Response samples

List all APIs attached to the given application.

path Parameters

Responses

Response samples

Attach a new API to the given application.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get the details of an API.

path Parameters

Responses

Response samples

Delete an existing API.

path Parameters

Responses

Response samples

WasmExtensions

List the WASM extensions that are defined for the Organization.

path Parameters

Responses

Response samples

Creates a new WasmExtension object in TSB. This is needed to let the extensions run. Once a WasmExtension has been created, it can be assigned to IngressGateway and SecuritySetting. This method returns the created extension.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get a WASM extension

path Parameters

Responses

Response samples

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Delete a WasmExtension. Note that deleting a WasmExtension will delete the extension itself, and also its assignments to IngressGateway and SecuritySetting.

path Parameters

Responses

Response samples

Gateway

List all gateway groups that exist in the workspace.

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required