
Skyhigh Security

User Management APIs

Skyhigh Security Service Edge security administrators can manage users through APIs. The User Management APIs let you create, list, retrieve, update, and delete users.

Access Token

The first step in the process is to get an access token that can be used to perform the API actions.

If you log into Skyhigh CASB using https://auth.ui.trellix.com/, use the following API to get the token. 

POST /shnapi/rest/external/api/v1/token?grant_type=password&token_type=iam

Host: https://www.myshn.net (US-PROD) / https://www.myshn.eu (EU-PROD) / https://www.myshn.ca (CA-PROD)

Headers:

Key: BPS-TENANT-ID, Value: <Enter tenant ID e.g. 0BC492ED-2E06-43D3-A664-3F06798E6BBB>

Authorization: <User name> / <Password> (Skyhigh CASB login credentials)

If you log into Skyhigh CASB using https://www.myshn.xxx, use the following API to get the token. 

POST /shnapi/rest/external/api/v1/token?grant_type=password&token_type=iam

Host:  https://www.myshn.net (US-PROD) / https://www.myshn.eu (EU-PROD) / https://www.myshn.ca (CA-PROD) / https://www.govshn.net (Fed / Gov)

Headers: Not Applicable

Authorization: <User name> / <Password> (Skyhigh CASB login credentials)

Once you have the access token, copy it from the response and use it to perform the user management actions.

Create New User 

Use the following API to create new users. 

POST /shnapi/rest/v1/user
Host: https://www.myshn.net (US-PROD) / https://www.myshn.eu (EU-PROD) / https://www.myshn.ca (CA-PROD) / https://www.govshn.net (Fed / Gov)

Headers:

Key: Authorization, Value: Bearer <provide the access-token here>
 

Option 1: If you only want to provide Role information and not granular resource (RBAC) information:

Content-Type: application/json

{"firstName":"hello","lastName":"world","email":"helloworld@123.com","active":true,"admin":true,"id":-1,"roles":[105,104],"shadowJurisdictionId":-1,"sanctionedJurisdictionId":-1,"webJurisdictionId":-1,"readOnly":false,"lastLoginDate":null,"correlationId":null,"samlExcludedUser":false,"resendActivationLink":false,"selfActivationDate":null,"tenantId":79744,"primaryUser":false}

Option 2: To provide both Role and granular resource (RBAC) information: 

{"firstName":"hello","lastName":"world","email":"helloworld@123.com","active":true,"admin":true,"id":-1,"roles":[105,104],"shadowJurisdictionId":-1,"sanctionedJurisdictionId":-1,"webJurisdictionId":-1,"readOnly":false,"lastLoginDate":null,"correlationId":null,"samlExcludedUser":false,"resendActivationLink":false,"selfActivationDate":null,"tenantId":79744,"primaryUser":false,"rolesInfo":[{"id":105,"name":"ADMINISTRATOR","desc":"Administrator","resources":[{"id":144,"name":"ACTIVITY_SETTINGS","desc":"Activity Settings","privilegeId":1},{"id":140,"name":"ANOMALY_SETTINGS","desc":"Anomaly Settings","privilegeId":1},{"id":152,"name":"SETUP_N_CONFIG","desc":"Setup & Configuration","privilegeId":1},{"id":110,"name":"USER_MANAGER","desc":"User Manager","privilegeId":1}],"granularAccess":true},{"id":104,"name":"POLICY_MANAGEMENT","desc":"Policy Management","resources":[{"id":126,"name":"POLICY_ACCESS_CONTROL","desc":"Access Policies","privilegeId":1},{"id":157,"name":"SHADOW_ACCESS_POLICY","desc":"Cloud Application Control","privilegeId":1},{"id":145,"name":"CONFIGURATION_AUDIT","desc":"Configuration Audit","privilegeId":1},{"id":158,"name":"CONNECTED_APPS_POLICIES","desc":"Connected Apps Policies","privilegeId":1},{"id":172,"name":"VULNERABILITY_POLICY","desc":"Container Vulnerability Policy","privilegeId":1},{"id":120,"name":"DLP_POLICY","desc":"DLP Policies","privilegeId":1},{"id":125,"name":"DEVICE_MANAGEMENT","desc":"Device Management","privilegeId":1},{"id":123,"name":"POLICY_DICTIONARY","desc":"Dictionaries","privilegeId":1},{"id":149,"name":"EMAIL_TEMPLATE","desc":"Email Templates","privilegeId":1},{"id":154,"name":"ENCRYPTION_POLICY","desc":"Encryption Policy","privilegeId":1},{"id":146,"name":"FINGERPRINTS","desc":"Fingerprints","privilegeId":1},{"id":122,"name":"IP_WHITELIST","desc":"IP Allow List","privilegeId":1},{"id":159,"name":"MALWARE_POLICIES","desc":"Malware Policies","privilegeId":1},{"id":121,"name":"ON_DEMAND_SCAN","desc":"On-Demand Scan","privilegeId":1},{"id":124,"name":"POLICY_SETTINGS","desc":"Policy Settings","privilegeId":1},{"id":151,"name":"POLICY_TEMPLATES","desc":"Policy Templates","privilegeId":1},{"id":147,"name":"USER_GROUPS","desc":"User Groups","privilegeId":1},{"id":148,"name":"WATCHLISTS","desc":"Watchlists","privilegeId":1}],"granularAccess":true}]}

 

The id parameter refers to User ID. When creating new users, the id parameter is given as -1. When updating a user, the user ID for the corresponding user needs to be specified as the id parameter. 

Jurisdictions cannot be created or assigned using these APIs. This has to be done via the dashboard. The value for jurisdiction ID is always given as '-1'. 

List Users

Use this API to get a list of users in Skyhigh CASB. This API also provides the USER ID, which is required for the Delete, Edit, and Get User APIs.

POST /shnapi/rest/v1/user/search
Host: https://www.myshn.net (US-PROD) / https://www.myshn.eu (EU-PROD) / https://www.myshn.ca (CA-PROD) / https://www.govshn.net (Fed / Gov)

Headers:

Key: Authorization, Value: Bearer <provide the access-token here>


Content-Type: application/json

{"pageCriteria":{"startIndex":0,"numRecords":2500},"sortCriteria":{"sortColumn":"lastLoginDate","sortAscending":false},"searchString":"text","tenantId":<id>,"userRole":null}

 

Delete User

Use this API to delete users. This API requires the userID parameter (user email), which you can get using the List Users API. 

DELETE /shnapi/rest/v1/user?userId=<id>

Host: https://www.myshn.net (US-PROD) / https://www.myshn.eu (EU-PROD) / https://www.myshn.ca (CA-PROD) / https://www.govshn.net (Fed / Gov)

Headers:

Key: Authorization, Value: Bearer <provide the access-token here>

 

Get User Information

Use this API to pull user details, roles, and jurisdiction information. This API requires the id parameter (user email), which you can get using the List Users API.

GET /shnapi/rest/v1/user?userId=<id> 

Host: https://www.myshn.net (US-PROD) / https://www.myshn.eu (EU-PROD) / https://www.myshn.ca (CA-PROD) / https://www.govshn.net (Fed / Gov)

Headers: 

Key: Authorization, Value: Bearer <provide the access-token here>

 

Update User Details

Use this API to update user details, roles, and jurisdictions. This API requires the id parameter (user ID), which you can get using the List Users API.

PUT /shnapi/rest/v1/user 
Host: https://www.myshn.net (US-PROD) / https://www.myshn.eu (EU-PROD) / https://www.myshn.ca (CA-PROD) / https://www.govshn.net (Fed / Gov)

Headers:

Key: Authorization, Value: Bearer <provide the access-token here>

Content-Type: application/json

{"firstName":"hello","lastName":"world","email":"helloworld@123.com","active":true,"admin":true,"id":<userid>,"roles":[105,104],"shadowJurisdictionId":-1,"sanctionedJurisdictionId":-1,"webJurisdictionId":-1,"readOnly":false,"lastLoginDate":null,"correlationId":null,"samlExcludedUser":false,"resendActivationLink":false,"selfActivationDate":null,"tenantId":79744,"primaryUser":false,"rolesInfo":[{"id":105,"name":"ADMINISTRATOR","desc":"Administrator","resources":[{"id":144,"name":"ACTIVITY_SETTINGS","desc":"Activity Settings","privilegeId":1},{"id":140,"name":"ANOMALY_SETTINGS","desc":"Anomaly Settings","privilegeId":1},{"id":152,"name":"SETUP_N_CONFIG","desc":"Setup & Configuration","privilegeId":1},{"id":110,"name":"USER_MANAGER","desc":"User Manager","privilegeId":1}],"granularAccess":true},{"id":104,"name":"POLICY_MANAGEMENT","desc":"Policy Management","resources":[{"id":126,"name":"POLICY_ACCESS_CONTROL","desc":"Access Policies","privilegeId":1},{"id":157,"name":"SHADOW_ACCESS_POLICY","desc":"Cloud Application Control","privilegeId":1},{"id":145,"name":"CONFIGURATION_AUDIT","desc":"Configuration Audit","privilegeId":1},{"id":158,"name":"CONNECTED_APPS_POLICIES","desc":"Connected Apps Policies","privilegeId":1},{"id":172,"name":"VULNERABILITY_POLICY","desc":"Container Vulnerability Policy","privilegeId":1},{"id":120,"name":"DLP_POLICY","desc":"DLP Policies","privilegeId":1},{"id":125,"name":"DEVICE_MANAGEMENT","desc":"Device Management","privilegeId":1},{"id":123,"name":"POLICY_DICTIONARY","desc":"Dictionaries","privilegeId":1},{"id":149,"name":"EMAIL_TEMPLATE","desc":"Email Templates","privilegeId":1},{"id":154,"name":"ENCRYPTION_POLICY","desc":"Encryption Policy","privilegeId":1},{"id":146,"name":"FINGERPRINTS","desc":"Fingerprints","privilegeId":1},{"id":122,"name":"IP_WHITELIST","desc":"IP Allow List","privilegeId":1},{"id":159,"name":"MALWARE_POLICIES","desc":"Malware Policies","privilegeId":1},{"id":121,"name":"ON_DEMAND_SCAN","desc":"On-Demand Scan","privilegeId":1},{"id":124,"name":"POLICY_SETTINGS","desc":"Policy Settings","privilegeId":1},{"id":151,"name":"POLICY_TEMPLATES","desc":"Policy Templates","privilegeId":1},{"id":147,"name":"USER_GROUPS","desc":"User Groups","privilegeId":1},{"id":148,"name":"WATCHLISTS","desc":"Watchlists","privilegeId":1}],"granularAccess":true}]}

 

The id parameter refers to User ID. When creating new users, the id parameter is given as -1. When updating a user, the user ID for the corresponding user needs to be specified as the id parameter.

Jurisdictions cannot be created or assigned using these APIs. This has to be done via the dashboard. The value for jurisdiction ID is always given as '-1'. 
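
The id and jurisdiction rules stated under Create New User and Update User Details, applied in one request builder. This is an added example, not Skyhigh's own code: the function name, the region keys, and the roles/rolesInfo consistency check are assumptions made here, and the request is built but not sent.

```python
import json
import urllib.request

# Hosts listed on this page; the region keys are labels chosen for this example.
HOSTS = {
    "US-PROD": "https://www.myshn.net",
    "EU-PROD": "https://www.myshn.eu",
    "CA-PROD": "https://www.myshn.ca",
    "FED-GOV": "https://www.govshn.net",
}
USER_PATH = "/shnapi/rest/v1/user"
JURISDICTION_FIELDS = ("shadowJurisdictionId", "sanctionedJurisdictionId", "webJurisdictionId")

# Sample user copied from the Option 1 body on this page (id and jurisdictions are set below).
SAMPLE_USER = {
    "firstName": "hello", "lastName": "world", "email": "helloworld@123.com",
    "active": True, "admin": True, "roles": [105, 104], "readOnly": False,
    "lastLoginDate": None, "correlationId": None, "samlExcludedUser": False,
    "resendActivationLink": False, "selfActivationDate": None,
    "tenantId": 79744, "primaryUser": False,
}


def build_user_request(region, token, user, user_id=None):
    """Return an unsent Request: POST (create) if user_id is None, else PUT (update)."""
    if user_id is not None and int(user_id) < 0:
        raise ValueError("update needs the real user ID from List Users")
    body = dict(user)
    # Create uses id -1; update uses the ID returned by List Users.
    body["id"] = -1 if user_id is None else int(user_id)
    # Jurisdictions cannot be assigned through these APIs, so the value is always -1.
    for field in JURISDICTION_FIELDS:
        body[field] = -1
    # Local sanity check (assumption, not a documented API rule): each granular
    # rolesInfo entry must refer to a role that is also listed in "roles".
    listed = set(body.get("roles", []))
    extra = [r["id"] for r in body.get("rolesInfo", []) if r["id"] not in listed]
    if extra:
        raise ValueError(f"rolesInfo ids not in roles: {extra}")
    return urllib.request.Request(
        HOSTS[region] + USER_PATH,
        data=json.dumps(body).encode("utf-8"),
        method="POST" if user_id is None else "PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
```

Pass the returned object to urllib.request.urlopen to send it; the sample body grants the ADMINISTRATOR role (105), so trim roles to what the account actually needs before use.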
