### Get All Users API Example Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This cURL command illustrates how to retrieve a paginated list of users. Optional query parameters like page, per-page, filter, order, and group-by can be used to refine the results. ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/users" ``` -------------------------------- ### Install Agent Controller on VM with Custom TLS Source: https://docs.aembit.io/_llms-txt/user-guide.txt This example shows how to install the Agent Controller on a Virtual Machine, specifying the paths to the TLS certificate and key files using environment variables. Replace the placeholder paths and values with your specific configuration. ```shell sudo TLS_PEM_PATH=/path/to/tls.crt TLS_KEY_PATH=/path/to/tls.key AEMBIT_TENANT_ID=tenant AEMBIT_AGENT_CONTROLLER_ID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee ./install ``` -------------------------------- ### Install Agent Proxy using msiexec Source: https://docs.aembit.io/_llms-txt/user-guide.txt This command installs the Agent Proxy on Windows Server using 'msiexec'. It takes the downloaded MSI file as input and logs the installation process to 'install.log'. Optionally, environment variables for configuration can be appended to the command. ```powershell msiexec /i aembit_agent_proxy_windows_amd64_.msi /l*v install.log ``` -------------------------------- ### Create User API Example Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This example shows how to create a new user via the API using a cURL command. It requires the Content-Type header and a JSON payload conforming to the UserDTO. ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v1/users" ``` -------------------------------- ### GET /api/v1/agent-controllers Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Get a page of Agent Controllers. ```APIDOC ## GET /api/v1/agent-controllers ### Description Get a page of Agent Controllers. ### Method GET ### Endpoint /api/v1/agent-controllers ### Parameters #### Query Parameters - **page** (undefined) - Optional - any - **per-page** (undefined) - Optional - any - **filter** (undefined) - Optional - any - **order** (undefined) - Optional - any - **group-by** (undefined) - Optional - any - **query** (undefined) - Optional - any ### Request Example ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/agent-controllers" ``` ### Response #### Success Response (200) - **Schema**: any - Page of Agent Controllers #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### Get User by ID API Example Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This example shows how to retrieve a specific user by their ID using a cURL command. The user's ID is included as a path parameter. ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v1/users/{id}'" ``` -------------------------------- ### Get Page of Server Workloads using cURL Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This example demonstrates how to retrieve a paginated list of Server Workloads using a cURL GET request. Optional parameters for pagination and filtering can be included in the URL. ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/server-workloads" ``` -------------------------------- ### Install Aembit Agent Proxy on Linux VM Source: https://docs.aembit.io/_llms-txt/user-guide.txt This snippet demonstrates the process of installing the Aembit Agent Proxy on a Linux virtual machine. It involves downloading the agent, unpacking the archive, and running the installer with the agent controller host specified. Ensure you replace placeholders like `` and `` with your specific values. ```shell ssh -i @ ``` ```shell wget https://releases.aembit.io/agent_proxy//linux/amd64/aembit_agent_proxy_linux_amd64_.tar.gz ``` ```shell tar xf aembit_agent_proxy_linux_amd64_.tar.gz ``` ```shell cd aembit_agent_proxy_linux_amd64_ ``` ```shell sudo AEMBIT_AGENT_CONTROLLER=http://:5000 ./install ``` -------------------------------- ### Install and Verify Helm (Linux) Source: https://docs.aembit.io/_llms-txt/get-started-guide.txt Installs the Helm 3 binary on a Linux system using a script and then verifies the installation by displaying the Helm version. This is done in a terminal. ```shell curl -fsSL -o get_helm.sh "https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3" chmod 700 get_helm.sh ./get_helm.sh helm version ``` -------------------------------- ### GET /api/v1/agent-controllers Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Get a page of Agent Controllers. ```APIDOC ## GET /api/v1/agent-controllers ### Description Get a page of Agent Controllers. ### Method GET ### Endpoint /api/v1/agent-controllers ### Parameters #### Query Parameters - **page** (undefined) - Optional - any - **per-page** (undefined) - Optional - any ``` -------------------------------- ### Install Agent Controller (msiexec) Source: https://docs.aembit.io/_llms-txt/user-guide.txt This command installs the Aembit Agent Controller on Windows Server using the msiexec utility. It requires the MSI file and specific Aembit parameters: AEMBIT_TENANT_ID and AEMBIT_AGENT_CONTROLLER_ID. A verbose installer log is also generated. ```cmd msiexec /i aembit_agent_controller.msi /l*v installer.log ` AEMBIT_TENANT_ID= ` AEMBIT_AGENT_CONTROLLER_ID= ``` -------------------------------- ### GET /api/v1/roles Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Get a page of Roles. ```APIDOC ## GET /api/v1/roles ### Description Get a page of Roles. ### Method GET ### Endpoint /api/v1/roles ### Parameters #### Query Parameters - **page** (undefined) - Optional - any - **per-page** (undefined) - Optional - any - **filter** (undefined) - Optional - any - **order** (undefined) - Optional - any - **group-by** (undefined) - Optional - any ### Response #### Success Response (200) - **Page of Roles** (any) - Description: Page of Roles #### Response Example ```json { "example": "response data" } ``` ``` -------------------------------- ### Example Jenkins Build Console Output Source: https://docs.aembit.io/_llms-txt/user-guide.txt This is an example of the console output from a Jenkins job that successfully retrieves credentials using the Aembit CLI and OIDC authentication. It shows the download, authentication process, and the final successful retrieval of a token. ```shell Started by user Jenkins Admin Running as SYSTEM Agent default-zdbrp is provisioned from template default --- ... ... 2025-07-29T00:03:03.912925Z INFO aembit_assessment::gather Detected AWS platform. 2025-07-29T00:03:03.913054Z INFO aembit_assessment::gather Getting AWS EC2 metadata. 2025-07-29T00:03:03.913058Z INFO aembit_assessment::aws Getting AWS EC2 assessment. 2025-07-29T00:03:04.210428Z INFO aembit_controlplane::commands Received credentials for access policy. Context ID: c8fe6a20-cb6c-4bd6-b1eb-2cdd9b87bd76. export TOKEN=my_secure_api_key_abc123xyz789 Successfully retrieved credentials Finished: SUCCESS ``` -------------------------------- ### Install Aembit Agent Controller with MSI Source: https://docs.aembit.io/_llms-txt/user-guide.txt This command installs the Aembit Agent Controller using the MSI package. It requires specifying the Agent Controller ID, Tenant ID, enabling Kerberos attestation, and providing a service logon account, likely a gMSA. Installer logs are directed to 'installer.log'. ```powershell msiexec /i aembit_agent_controller.msi /l*v installer.log AEMBIT_AGENT_CONTROLLER_ID= AEMBIT_TENANT_ID= AEMBIT_KERBEROS_ATTESTATION_ENABLED=true SERVICE_LOGON_ACCOUNT=\$ ``` -------------------------------- ### Install Agent Controller with Tenant and Agent IDs Source: https://docs.aembit.io/_llms-txt/user-guide.txt This command executes the Agent Controller installer script. It requires replacing `` and `` with your specific Aembit tenant and agent controller identifiers. Optionally, other environment variables can be set. ```shell sudo AEMBIT_TENANT_ID= AEMBIT_AGENT_CONTROLLER_ID= ./install ``` -------------------------------- ### GET /api/v1/routings Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Get a page of Routings. Retrieves a paginated list of routing configurations. ```APIDOC ## GET /api/v1/routings ### Description Get a page of Routings. ### Method GET ### Endpoint /api/v1/routings ### Parameters #### Path Parameters None #### Query Parameters - **page** (any) - Optional - Specifies the page number for pagination. - **per-page** (any) - Optional - Specifies the number of items per page for pagination. #### Request Body None ### Request Example ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/routings?page=1&per-page=10" ``` ### Response #### Success Response (200) - **Page of Routings** (object) - Description: A page containing routing configurations. #### Response Example ```json { "example": "paginated routing data" } ``` #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ``` -------------------------------- ### Dynamic Claims Syntax and Examples Source: https://docs.aembit.io/_llms-txt/user-guide.txt Illustrates the syntax for defining dynamic claims using template expressions and provides common examples for extracting various types of data from tokens and environment variables. This helps in understanding how to reference and combine values. ```plaintext `${oidc.identityToken.decode.payload.claim_name}` `${gitlab.identityToken.decode.payload.claim_name}` `${github.identityToken.decode.payload.claim_name}` `${os.environment.VARIABLE_NAME}` `${oidc.identityToken.decode.payload.user_login}_suffix` ``` ```plaintext `${oidc.identityToken.decode.payload.user_email}` `${oidc.identityToken.decode.payload.user_login}` `${oidc.identityToken.decode.payload.groups}` `${gitlab.identityToken.decode.payload.project_path}` `${gitlab.identityToken.decode.payload.ref}` `${gitlab.identityToken.decode.payload.job_id}` `${github.identityToken.decode.payload.actor}` `${github.identityToken.decode.payload.repository}` `${github.identityToken.decode.payload.workflow}` `${os.environment.K8S_POD_NAME}` `${oidc.identityToken.decode.payload.user_login}_dynamic` ``` -------------------------------- ### Get Page of Roles (cURL) Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This cURL example retrieves a paginated list of roles. Optional query parameters such as 'page', 'per-page', 'filter', 'order', and 'group-by' can be utilized for filtering and sorting. A '200' status indicates a successful retrieval of the role page. ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/roles" ``` -------------------------------- ### Install SELinux Policy Source: https://docs.aembit.io/_llms-txt/user-guide.txt Installs the newly generated SELinux policy for the Agent Proxy using a shell script created during the policy generation process. This script compiles and loads the policy into SELinux. ```shell cd ~/edge_component_policy sudo ./aembit_agent_proxy.sh ``` -------------------------------- ### Install Agent Controller with Device Code Source: https://docs.aembit.io/_llms-txt/user-guide.txt This command installs the Agent Controller using a device code, suitable for environments without a Trust Provider or for non-production scenarios. Replace `` and `` with your Aembit tenant ID and generated device code. ```shell sudo AEMBIT_TENANT_ID= AEMBIT_DEVICE_CODE= ./install ``` -------------------------------- ### Install CA Certificates on Debian/Ubuntu VMs Source: https://docs.aembit.io/_llms-txt/user-guide.txt This shell command installs the Aembit Tenant Root CA certificate on Debian/Ubuntu virtual machines. It updates the package list, installs 'ca-certificates', downloads the root CA using wget, saves it to the appropriate directory, and updates the system's trusted CA certificates. Replace `` with your actual tenant ID. ```shell sudo apt-get update && sudo apt-get install -y ca-certificates sudo wget https://.aembit.io/api/v1/root-ca \ -O /usr/local/share/ca-certificates/.crt sudo update-ca-certificates ``` -------------------------------- ### SPIFFE JWT-SVID Environment (environment) Claim Examples Source: https://docs.aembit.io/_llms-txt/user-guide.txt Examples of configuring the 'environment' claim in a SPIFFE JWT-SVID token, showing both literal and dynamic (OS environment variable) approaches. ```text production ``` ```text ${os.environment.ENV} ``` -------------------------------- ### SPIFFE JWT-SVID Namespace (namespace) Claim Dynamic Example Source: https://docs.aembit.io/_llms-txt/user-guide.txt Shows a dynamic configuration example for the 'namespace' claim in a SPIFFE JWT-SVID token, often derived from OIDC payload information. ```text ${oidc.identityToken.decode.payload.namespace} ``` -------------------------------- ### GET /api/v1/discovery-integrations Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Retrieves a list of discovery integrations. ```APIDOC ## GET /api/v1/discovery-integrations ### Description Retrieves a list of discovery integrations. ### Method GET ### Endpoint /api/v1/discovery-integrations ### Parameters (No parameters specified in the provided text) ### Response (Response details not fully specified in the provided text) ### Request Example (cURL example not provided in the provided text) ``` -------------------------------- ### SPIFFE ID Dynamic Generation Examples Source: https://docs.aembit.io/_llms-txt/user-guide.txt Examples demonstrating how to dynamically generate SPIFFE IDs from workload attributes in different environments like Kubernetes and AWS. This allows for automated and context-aware identity configuration. ```text Kubernetes: spiffe://your-domain/ns/${namespace}/sa/${serviceaccount} AWS: spiffe://your-domain/aws/account/${account}/role/${role} ``` -------------------------------- ### Get All Routings cURL Example Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This cURL command retrieves a list of all available routings from the Aembit API. It is a simple GET request to the specified endpoint. ```bash curl -X GET \n"https://your-tenant.aembit.io/api/v1/routings" ``` -------------------------------- ### Install SELinux Packages on RHEL Source: https://docs.aembit.io/_llms-txt/user-guide.txt Installs the necessary SELinux development packages required for creating custom SELinux policies on Red Hat Enterprise Linux. This is a prerequisite for policy generation. ```shell sudo dnf install -y selinux-policy-devel rpm-build ``` -------------------------------- ### Deploy Client and Server Workloads with Helm Source: https://docs.aembit.io/_llms-txt/get-started-guide.txt This command deploys both the client and server workloads using the Aembit Helm chart. It installs the 'aembit-quickstart' release in the 'aembit-quickstart' namespace, creating the namespace if it doesn't exist. Ensure Docker Desktop with Kubernetes enabled and Helm are installed. ```shell helm install aembit-quickstart aembit/quickstart \ -n aembit-quickstart \ --create-namespace ``` -------------------------------- ### Get SignOn Policy cURL Example Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This cURL command retrieves a specific SignOn Policy by its name using a GET request to the Aembit API. It is useful for inspecting existing policy configurations. ```bash curl -X GET \n"https://your-tenant.aembit.io/api/v1/signin-policies" ``` -------------------------------- ### Verify and Install Aembit Helm Chart using Helm CLI Source: https://docs.aembit.io/_llms-txt/user-guide.txt Installs the Aembit Helm chart into your Kubernetes cluster after verifying its signature using the specified GPG keyring. This ensures the deployed chart is authentic. ```shell helm install aembit aembit/aembit \ --verify \ --keyring ~/.gnupg/pubring.gpg \ --set tenant=,agentController.id= ``` -------------------------------- ### POST /api/v2/access-policies Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Create an Access Policy. Create an Access Policy. ```APIDOC ## POST /api/v2/access-policies ### Description Create an Access Policy. Create an Access Policy. ### Method POST ### Endpoint /api/v2/access-policies ### Parameters #### Request Body - **CreatePolicyDTO** (any) - Required - Request body for creating an access policy. ### Request Example ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{ "example": "data" }' \ "https://your-tenant.aembit.io/api/v2/access-policies" ``` ### Response #### Success Response (200) - **Schema**: any - Created Access Policy #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### SPIFFE JWT-SVID Service Account (service_account) Claim Dynamic Example Source: https://docs.aembit.io/_llms-txt/user-guide.txt Demonstrates a dynamic configuration example for the 'service_account' claim in a SPIFFE JWT-SVID token, typically extracted from OIDC payload data. ```text ${oidc.identityToken.decode.payload.service_account} ``` -------------------------------- ### POST /api/v1/discovery-integrations Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Creates a new integration within the system. ```APIDOC ## POST /api/v1/discovery-integrations ### Description Create an Integration. ### Method POST ### Endpoint /api/v1/discovery-integrations ### Parameters #### Request Body - **DiscoveryIntegrationDTO** (any) - Required - The data for the new integration. - Content-Type: application/json ### Responses #### Success Response (201) - **Created Integration** (any) - The newly created integration object. #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ### Request Example ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v1/discovery-integrations" ``` ``` -------------------------------- ### Get SSO Identity Provider cURL Example Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This cURL command retrieves details for a specific Single Sign-On (SSO) Identity Provider, identified by its unique ID. It's a GET request to the Aembit API. ```bash curl -X GET \n"https://your-tenant.aembit.io/api/v1/sso-idps/{id}" ``` -------------------------------- ### Get Access Policy by Workload IDs v2 (cURL) Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Example of retrieving an access policy using client and server workload IDs via a cURL command with the v2 API. This GET request does not require a request body. ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v2/access-policies/getByWorkloadIds/{clientWorkloadId}/{serverWorkloadId}'" ``` -------------------------------- ### Helm Chart Initialization and Repository Management Source: https://docs.aembit.io/_llms-txt/user-guide.txt Commands to initialize a Helm chart directory and manage the Aembit Helm repository. This includes adding the repository, updating it, and preparing for chart download. ```shell mkdir aembit-helmChart && cd aembit-helmChart ``` ```shell helm repo add aembit https://helm.aembit.io helm repo update aembit ``` -------------------------------- ### Get Credential Provider Authorization URL with cURL Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This example shows a cURL GET request to obtain an authorization URL for a Credential Provider. The request is made to the /api/v1/credential-providers/{id}/authorize endpoint. Replace {id} with the relevant provider ID. ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v1/credential-providers/{id}/authorize'" ``` -------------------------------- ### Get Server Workload by ID using cURL Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This example shows how to retrieve a specific Server Workload by its ID using a cURL GET request. The ID is part of the URL path. A successful retrieval returns a 200 status code. ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v1/server-workloads/{id}'" ``` -------------------------------- ### Get Access Policy by Workload IDs (cURL) Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This example shows how to retrieve an access policy based on client and server workload IDs using cURL. The GET request includes both workload IDs in the URL path. Optional headers like X-Aembit-ResourceSet can be utilized. ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v1/access-policies/getByWorkloadIds/{clientWorkloadId}/{serverWorkloadId}'" ``` -------------------------------- ### POST /api/v1/server-workloads Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Creates a new Server Workload. ```APIDOC ## POST /api/v1/server-workloads ### Description Create a Server Workload. ### Method POST ### Endpoint /api/v1/server-workloads #### Parameters ##### Path Parameters - None #### Query Parameters - **X-Aembit-ResourceSet** (undefined) - Optional - Any #### Request Body - **ServerWorkloadExternalDTO** (any) - Required - Schema: any ### Request Example ```json { "example": "data" } ``` ### Response #### Success Response (204) - **Created Server Workload** (any) - Schema: any #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ``` -------------------------------- ### Get Integrations List Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Retrieves a paginated list of integrations. Supports parameters for filtering, pagination, and ordering. Requires authentication and returns a page of integrations or error codes. ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/integrations" ``` -------------------------------- ### Get Access Policy by ID (cURL) Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This example shows how to retrieve a specific access policy using its ID via a cURL GET request. The request includes the access policy ID in the URL. Optional headers like X-Aembit-ResourceSet can be included for specific resource set filtering. ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v1/access-policies/{id}'" ``` -------------------------------- ### POST /api/v1/agent-controllers Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Creates a new agent controller. ```APIDOC ## POST /api/v1/agent-controllers ### Description Creates a new Agent Controller. ### Method POST ### Endpoint /api/v1/agent-controllers ### Request Body - **AgentControllerDTO** (any) - Required - The data transfer object for creating an Agent Controller. ### Request Example ```json { "example": "data" } ``` ### Response #### Success Response (201) - **Created Agent Controller** (any) - The newly created agent controller. #### Response Example ```json { "example": "response body" } ``` #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ``` -------------------------------- ### Get All Users using cURL Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This example shows how to retrieve a paginated list of all users using a cURL command. It targets the '/api/v1/users' endpoint and expects a 200 status code with a page of user data in JSON format. ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/users" ``` -------------------------------- ### Verify SSO Identity Provider cURL Example Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This cURL command verifies if a Single Sign-On (SSO) Identity Provider has all necessary configuration data. It's a GET request that requires the provider's ID as a path parameter. ```bash curl -X GET \n"https://your-tenant.aembit.io'/api/v1/sso-idps/{id}/verification'" ``` -------------------------------- ### POST /api/v1/agent-controllers Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Creates a new Agent Controller. ```APIDOC ## POST /api/v1/agent-controllers ### Description Create an Agent Controller. ### Method POST ### Endpoint /api/v1/agent-controllers #### Request Body - **AgentControllerDTO** (any) - Required - The data transfer object for creating an Agent Controller. ### Response #### Success Response (201) - **Created Agent Controller** (any) - The newly created Agent Controller. #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ### Request Example ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v1/agent-controllers" ``` ``` -------------------------------- ### Retrieve Credential Provider by ID with cURL Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt This example shows how to retrieve a specific Credential Provider using its ID via a cURL GET request. It targets the /api/v1/credential-providers/{id} endpoint. Ensure to replace {id} with the actual provider ID. ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v1/credential-providers/{id}'" ``` -------------------------------- ### Get Client Workload Identifiers using cURL Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt This example demonstrates how to retrieve client workload identifiers using a cURL command. It targets the Aembit API v1 endpoint for client workloads. Ensure you replace 'your-tenant.aembit.io' with your actual tenant domain. ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/client-workloads/identifiers" ``` -------------------------------- ### POST /api/v2/access-policies Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Create an Access Policy. ```APIDOC ## POST /api/v2/access-policies ### Description Create an Access Policy. ### Method POST ### Endpoint /api/v2/access-policies ### Parameters #### Request Body - **CreatePolicyDTO** (any) - Required - Description ### Response #### Success Response (200) - **Created Access Policy** (any) - Description #### Response Example ```json { "example": "response body" } ``` ### Request Example ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v2/access-policies" ``` ``` -------------------------------- ### Get Integrations List (cURL) Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Retrieves a paginated list of integrations. Supports filtering and sorting. Requires authentication. ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/integrations" ``` -------------------------------- ### Initialize Terraform Environment Source: https://docs.aembit.io/_llms-txt/user-guide.txt Initializes the Terraform working directory, downloading necessary providers and modules. This command must be run before any other Terraform commands. ```shell terraform init ``` -------------------------------- ### POST /api/v1/client-workloads Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Creates a new Client Workload. ```APIDOC ## POST /api/v1/client-workloads ### Description Create a Client Workload. ### Method POST ### Endpoint /api/v1/client-workloads #### Parameters ##### Path Parameters - None #### Query Parameters - None #### Request Body - **ClientWorkloadExternalDTO** (any) - Required - Schema: any ### Response (Response details not provided in the input text) ``` -------------------------------- ### GET /api/v1/log-streams Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Get a page of Log Streams. ```APIDOC ## GET /api/v1/log-streams ### Description Get a page of Log Streams. ### Method GET ### Endpoint /api/v1/log-streams ### Parameters #### Query Parameters - **page** (undefined) - Optional - The page number to retrieve. - **per-page** (undefined) - Optional - The number of items per page. - **filter** (undefined) - Optional - Filters to apply to the log streams. - **order** (undefined) - Optional - Order of the log streams. ### Responses #### Success Response (200) - **LogStreams** (array) - Page of Log Streams #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ### Request Example ```bash curl -X GET "https://your-tenant.aembit.io/api/v1/log-streams" ``` ``` -------------------------------- ### Create Access Policy (cURL) Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Example of how to create a new access policy using a cURL command. This operation requires a JSON payload with policy data and authentication headers. ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v1/access-policies" ``` -------------------------------- ### Audience Configuration Example Source: https://docs.aembit.io/_llms-txt/user-guide.txt Example of configuring the 'aud' (Audience) claim for an OIDC token. This specifies the intended recipient of the token, with examples for AWS and Google Cloud. ```uri https://sts.amazonaws.com ``` ```uri https://www.googleapis.com/oauth2/v4/token ``` -------------------------------- ### POST /api/v1/discovery-integrations Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Creates a new integration using the provided DiscoveryIntegrationDTO. ```APIDOC ## POST /api/v1/discovery-integrations ### Description Create an Integration. Accepts a DiscoveryIntegrationDTO in the request body. ### Method POST ### Endpoint /api/v1/discovery-integrations ### Parameters #### Request Body - **DiscoveryIntegrationDTO** (any) - Required - The data transfer object for creating an integration. ### Request Example ```json { "example": "data" } ``` ### Response #### Success Response (201) - **Integration** (any) - The newly created Integration object. #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### GET /api/v1/log-streams/{id} Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Get a Log Stream identified by its ID. ```APIDOC ## GET /api/v1/log-streams/{id} ### Description Get a Log Stream identified by its ID. ### Method GET ### Endpoint /api/v1/log-streams/{id} ### Parameters #### Path Parameters - **id** (undefined) - Optional - The ID of the log stream to retrieve. ### Responses #### Success Response (200) - **LogStream** (object) - The requested Log Stream #### Error Responses - **204**: Log Stream Not Found - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ### Request Example ```bash curl -X GET "https://your-tenant.aembit.io/api/v1/log-streams/{id}" ``` ``` -------------------------------- ### POST /api/v2/credential-providers Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Creates a credential provider. ```APIDOC ## POST /api/v2/credential-providers ### Description Create a Credential Provider. ### Method POST ### Endpoint /api/v2/credential-providers ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **X-Aembit-ResourceSet** (any) - Optional - A custom header for resource set. - **CredentialProviderV2DTO** (any) - Description: Used to create a Credential Provider. * Content-Type: application/json * Schema: any ### Request Example ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v2/credential-providers" ``` ### Response #### Success Response (201) - **(any)** - Description: Created Credential Provider * Content-Type: application/json * Schema: any #### Response Example (No example provided in source) ``` -------------------------------- ### Example Dynamic Subject Configuration (Kubernetes) Source: https://docs.aembit.io/_llms-txt/user-guide.txt Demonstrates how to configure a dynamic subject using SPIFFE ID format for Kubernetes workloads. This allows for runtime generation of unique SPIFFE IDs based on Kubernetes environment variables. ```text spiffe://your-domain/ns/${namespace}/sa/${serviceaccount} ``` -------------------------------- ### GET /api/v2/access-policies Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Get a page of Access Policies. Retrieve a page of Access Policies. ```APIDOC ## GET /api/v2/access-policies ### Description Get a page of Access Policies. Retrieve a page of Access Policies. ### Method GET ### Endpoint /api/v2/access-policies ### Parameters #### Query Parameters - **page** (undefined) - Optional - any - **per-page** (undefined) - Optional - any - **filter** (undefined) - Optional - any - **order** (undefined) - Optional - any - **group-by** (undefined) - Optional - any - **query** (undefined) - Optional - any ### Request Example ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v2/access-policies" ``` ### Response #### Success Response (200) - **Schema**: any - Page of Access Policies #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### POST /api/v1/access-policies Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Create a new access policy. ```APIDOC ## POST /api/v1/access-policies ### Description Create a new Access Policy. ### Method POST ### Endpoint /api/v1/access-policies ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **PolicyDTO** (object) - Required - Schema: any ### Request Example ```json { "example": "data" } ``` ### Response #### Success Response (200) - **Access Policy** (object) - Description: The created Access Policy #### Response Example ```json { "example": "data" } ``` ### Error Handling - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ``` -------------------------------- ### GET /api/v1/roles/{id} Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Get a Role by ID. Retrieves a specific role identified by its unique ID. ```APIDOC ## GET /api/v1/roles/{id} ### Description Get a Role identified by its ID. ### Method GET ### Endpoint /api/v1/roles/{id} ### Parameters #### Path Parameters - **id** (any) - Optional - The unique identifier of the role. #### Query Parameters None #### Request Body None ### Request Example ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/roles/{id}" ``` ### Response #### Success Response (200) - **Role** (object) - Description: The requested role details. #### Response Example ```json { "example": "role data" } ``` #### Error Responses - **204**: Role Not Found - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ``` -------------------------------- ### GET /api/v1/roles Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Get a page of Roles. This endpoint allows retrieval of role information in a paginated format. ```APIDOC ## GET /api/v1/roles ### Description Get a page of Roles. ### Method GET ### Endpoint /api/v1/roles ### Parameters #### Query Parameters - **page** (any) - Optional - The page number to retrieve. - **per-page** (any) - Optional - The number of items per page. - **filter** (any) - Optional - Filtering criteria for the roles. - **order** (any) - Optional - Order of the roles. - **group-by** (any) - Optional - Grouping criteria for the roles. ### Response #### Success Response (200) - **Page of Roles** (any) - A page containing roles. - **Content-Type**: application/json #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **500**: Internal Server Error ``` -------------------------------- ### GET /api/v1/routings/{id} Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Get a Routing by ID. Retrieves a specific routing configuration identified by its unique ID. ```APIDOC ## GET /api/v1/routings/{id} ### Description Get a Routing identified by its ID. ### Method GET ### Endpoint /api/v1/routings/{id} ### Parameters #### Path Parameters - **id** (any) - Optional - The unique identifier of the routing. #### Query Parameters None #### Request Body None ### Request Example ```bash curl -X GET \ "https://your-tenant.aembit.io/api/v1/routings/{id}" ``` ### Response #### Success Response (200) - **Routing** (object) - Description: The requested routing details. #### Response Example ```json { "example": "routing data" } ``` #### Error Responses - **400**: Bad Request - **401**: Not Authenticated - **403**: Forbidden - **404**: Not Found - **500**: Internal Server Error ``` -------------------------------- ### POST /api/v1/credential-integrations Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Creates a new credential provider integration. ```APIDOC ## POST /api/v1/credential-integrations ### Description Create a Credential Provider Integration. ### Method POST ### Endpoint /api/v1/credential-integrations ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body - **CredentialProviderIntegrationDTO** (any) - Description: Used to create a Credential Provider Integration. * Content-Type: application/json * Schema: any ### Request Example ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v1/credential-integrations" ``` ### Response #### Success Response (201) - **(any)** - Description: Created Credential Provider Integration * Content-Type: application/json * Schema: any #### Response Example (No example provided in source) ``` -------------------------------- ### Create Integration Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-endpoints.txt Creates a new integration with the provided IntegrationDTO. Requires authentication and a JSON request body. Returns the created integration or error codes. ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v1/integrations" ``` -------------------------------- ### GET /api/v2/access-policies/{id}/notes Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Gets notes for an Access Policy. Retrieves note information for an Access Policy. ```APIDOC ## GET /api/v2/access-policies/{id}/notes ### Description Gets notes for an Access Policy. Retrieves note information for an Access Policy. ### Method GET ### Endpoint /api/v2/access-policies/{id}/notes ### Parameters #### Path Parameters - **id** (any) - Optional - The ID of the access policy. ### Request Example ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v2/access-policies/{id}/notes'" ``` ### Response #### Success Response (200) - **Schema**: any - Page of Access Policy Notes #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### GET /api/v2/access-policies/{id}/credential-mappings Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Gets a credential mappings of Access Policy. Retrieves credential mappings of Access Policy. ```APIDOC ## GET /api/v2/access-policies/{id}/credential-mappings ### Description Gets a credential mappings of Access Policy. Retrieves credential mappings of Access Policy. ### Method GET ### Endpoint /api/v2/access-policies/{id}/credential-mappings ### Parameters #### Path Parameters - **id** (any) - Optional - The ID of the access policy. ### Request Example ```bash curl -X GET \ "https://your-tenant.aembit.io'/api/v2/access-policies/{id}/credential-mappings'" ``` ### Response #### Success Response (200) - **Schema**: any - Page of Credential Mappings #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### POST /api/v1/credential-integrations Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Creates a new Credential Provider Integration. ```APIDOC ## POST /api/v1/credential-integrations ### Description Creates a new Credential Provider Integration. ### Method POST ### Endpoint /api/v1/credential-integrations ### Request Body - **CredentialProviderIntegrationDTO** (any) - Required - The data transfer object for creating a credential provider integration. ### Responses #### Success Response (201) - **Created Credential Provider Integration** (any) - Represents the newly created credential provider integration. #### Error Responses - **400** - Bad Request - **401** - Not Authenticated - **500** - Internal Server Error ### Request Example ```bash curl -X POST \ -H "Content-Type: application/json" \ -d '{"example": "data"}' \ "https://your-tenant.aembit.io/api/v1/credential-integrations" ``` ### Response Example (201) ```json { "example": "created credential provider integration" } ``` ``` -------------------------------- ### Dynamic OIDC Claim Examples Source: https://docs.aembit.io/_llms-txt/user-guide.txt Examples of how to dynamically configure common OIDC claims using Aembit's expression language. These examples show how to extract values from the OIDC identity token's payload to populate claims such as 'sub', 'email', 'groups', 'role', and 'department'. ```aembit_expressions ${oidc.identityToken.decode.payload.user_login} ``` ```aembit_expressions ${oidc.identityToken.decode.payload.user_email} ``` ```aembit_expressions ${oidc.identityToken.decode.payload.groups} ``` ```aembit_expressions ${oidc.identityToken.decode.payload.role} ``` ```aembit_expressions ${oidc.identityToken.decode.payload.department} ``` -------------------------------- ### GET /api/v1/discovery-integrations Source: https://docs.aembit.io/_llms-txt/cloud-api-guide-full.txt Retrieves a paginated list of integrations. Supports filtering, sorting, and pagination parameters. ```APIDOC ## GET /api/v1/discovery-integrations ### Description Get a page of Integrations. Supports optional query parameters for pagination, filtering, and ordering. ### Method GET ### Endpoint /api/v1/discovery-integrations ### Parameters #### Query Parameters - **page** (any) - Optional - Specifies the page number for the results. - **per-page** (any) - Optional - Specifies the number of items per page. - **filter** (any) - Optional - Filters the integrations based on specified criteria. - **order** (any) - Optional - Specifies the order of the results. ### Request Example ```json { "example": "request body" } ``` ### Response #### Success Response (200) - **Integration** (any) - A page of Integration objects. #### Response Example ```json { "example": "response body" } ``` ``` -------------------------------- ### API Key Setup Source: https://docs.aembit.io/_llms-txt/user-guide.txt Configure Databricks credential providers using API Keys. This involves setting up a server workload with specific host and protocol configurations. ```APIDOC ## API Key ### Server Workload Configuration 1. Create a new Server Workload. * **Name** - Choose a user-friendly name. 2. Configure the service endpoint: * **Host** - `.cloud.databricks.com` (Use the Databricks instance name copied in step 5 of the workspace creation process) * **Application Protocol** - ``` -------------------------------- ### Install Agent Controller with gMSA (msiexec) Source: https://docs.aembit.io/_llms-txt/user-guide.txt This command installs the Aembit Agent Controller on Windows Server for a high availability configuration using a Group Managed Service Account (gMSA). It requires the MSI installer and specific parameters, including setting the SERVICE_LOGON_ACCOUNT environment variable in the Down-Level Logon Name format. ```cmd msiexec /i aembit_agent_controller.msi /l*v installer.log ` AEMBIT_TENANT_ID= ` AEMBIT_AGENT_CONTROLLER_ID= ` SERVICE_LOGON_ACCOUNT=\\ ```