Defining security policies (API)
Step two: Creating a policy profile
Before you can apply most policies to an app, you need to define a collection of policy settings in a profile. See the specific policy page under Configuring security policies for your apps for examples and details of what parameters are available in each profile.
- To create most profiles, including master profiles and signing profiles, use POST profile.
- To create Secure Microtunnel profiles, use POST app-policy/vpn-profile.
- To create a browser profile, use POST profile/mocana-browser/new.
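This example creates a Secure Microtunnel profile. The -k option in the request turns off TLS certificate verification in curl; omit it when the console presents a certificate that curl can validate.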
Request
curl -k -v -L -b c.txt -c c.txt -X POST https://bc.qwe.com/mocana-app-control/rest/app-policy/vpn-profile \
-F profileId="" \
-F profileName="TestProfile psk" \
-F profileDesc="" \
-F vpnServerAddr="172.16.31.2" \
-F vpnPsk="psk" \
-F vpnAuthMethod="key" \
-F vpnProtocol="map" \
-F vpnAuthGroup="authGroup" \
-F vpnDhGroup="14" \
-F vpnOfflineMode="continuousReconnect"
The response includes the new profile's GUID:
Response
{
"app_policy": {"profile_id": "40a6c1ac-a7b9-4903-a857-7db71db23881"},
"message": ""
}
Finding the policy info
To apply Blue Cedar policies to an app, secure the app using the policy codes or the policy GUIDs for the policies you want. Use GET app-policy/catalog to obtain the codes and GUIDs of every policy that exists on the policy console. The GUID for each policy is returned in the policy_id field.
Example
Request
curl -b c.txt -c c.txt -X \
GET https://bc.qwe.com/mocana-app-control/rest/app-policy/catalog
Response
{
"app_policies": [
{
"info_url": "https://bc.qwe.com:443/mocana-app-control/rest/app-policy/1f22e273-3069-4361-b273-7de552fe04fa",
"policy_code": "POLICY_CODE_APP_CUSTOMIZATION",
"policy_icon_url": "https://bc.qwe.com:443/mocana-app-control/rest/files/78aaf1f7-2dd6-4572-8243-96ca3ebf7860",
"policy_id": "1f22e273-3069-4361-b273-7de552fe04fa",
"policy_name": "App Customization",
"policy_status": "active",
"summary_count": 1
},
{
"info_url": "https://bc.qwe.com:443/mocana-app-control/rest/app-policy/5ce265b4-873c-4f05-a72f-f07b54b64cfc",
"policy_code": "POLICY_CODE_DEVICE_POSTURE",
"policy_icon_url": "https://bc.qwe.com:443/mocana-app-control/rest/files/f7028519-9cc5-46a4-8e06-b5048e1e9334",
"policy_id": "5ce265b4-873c-4f05-a72f-f07b54b64cfc",
"policy_name": "Device posture",
"summary_count": 1
},
{
"info_url": "https://bc.qwe.com:443/mocana-app-control/rest/app-policy/1a6518ac-fb61-4eef-9bf0-aba58ff15a8b",
"policy_code": "POLICY_CODE_SECURE_CONNECTION",
"policy_icon_url": "https://bc.qwe.com:443/mocana-app-control/rest/files/3e1602bb-2a98-4fad-b76c-76ca2c1a1bf2",
"policy_id": "40a6c1ac-a7b9-4903-a857-7db71db23881",
"policy_name": "PSK auth server",
"summary_count": 0
},
{
"info_url": "https://10.42.32.156:443/mocana-app-control/rest/app-policy/d05bbf47-d405-47a7-a668-a4bdb90e8bf4",
"policy_code": "POLICY_CODE_SIGNING",
"policy_icon_url": "https://10.42.32.156:443/mocana-app-control/rest/files/fbb4375a-697c-42ff-b5c2-033b917d5627",
"policy_id": "d05bbf47-d405-47a7-a668-a4bdb90e8bf4",
"policy_name": "Signing",
"policy_status": "active",
"summary_count": 17
} ],
"message": "",
"status": "OK"
}
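The following added example (not part of the original page or of Blue Cedar's own code) shows one way a script could turn a catalog response into a policy_code to policy_id map and cross-check each entry before the GUID is passed on. The function name, the sample host and GUIDs, and the checks themselves (info_url on the expected console host and ending in the policy_id, policy_status equal to "active") are assumptions of a cautious client, not documented API rules.

```python
import json
import uuid
from urllib.parse import urlparse

def select_policies(catalog_json, wanted_codes, console_host):
    """Map each wanted policy_code to its policy_id; report entries that fail checks."""
    catalog = json.loads(catalog_json)
    if catalog.get("status") != "OK":
        raise ValueError(f"catalog call failed: {catalog.get('message')!r}")
    selected, problems, seen = {}, [], set()
    for entry in catalog.get("app_policies", []):
        code = entry.get("policy_code")
        if code not in wanted_codes:
            continue
        seen.add(code)
        try:
            guid = str(uuid.UUID(str(entry.get("policy_id", ""))))
        except ValueError:
            problems.append(f"{code}: policy_id is not a GUID")
            continue
        url = urlparse(entry.get("info_url", ""))
        if url.scheme != "https" or url.hostname != console_host:
            problems.append(f"{code}: info_url is not on https://{console_host}")
        elif not url.path.lower().endswith("/" + guid):
            problems.append(f"{code}: info_url does not end in policy_id")
        # Assumption: an entry without policy_status "active" should not be applied.
        elif entry.get("policy_status") != "active":
            problems.append(f"{code}: policy_status is not active")
        else:
            selected[code] = guid
    problems += [f"{c}: not in catalog" for c in sorted(set(wanted_codes) - seen)]
    return selected, problems

# Constructed sample in the shape of the response above; host and GUIDs are made up.
BASE = "https://console.example:443/mocana-app-control/rest/app-policy/"
G1, G2, G3 = (f"{n}0000000-0000-4000-8000-00000000000{n}" for n in "123")
SAMPLE = json.dumps({"status": "OK", "message": "", "app_policies": [
    {"policy_code": "POLICY_CODE_SIGNING", "policy_id": G1,
     "info_url": BASE + G1, "policy_status": "active"},
    {"policy_code": "POLICY_CODE_SECURE_CONNECTION", "policy_id": G2,
     "info_url": BASE + G3, "policy_status": "active"},
    {"policy_code": "POLICY_CODE_DEVICE_POSTURE", "policy_id": G3,
     "info_url": BASE + G3},
]})

if __name__ == "__main__":
    wanted = [p["policy_code"] for p in json.loads(SAMPLE)["app_policies"]]
    ok, bad = select_policies(SAMPLE, wanted, "console.example")
    print(ok, *bad, sep="\n")
```

Only the entries returned in the first value have passed every check; the second value lists why each remaining code was held back.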
Finding the profile info
Before you can apply a policy to an app that you’ve already uploaded, you need to choose the policy profile you want. Use GET profile/catalog to obtain the IDs of every profile that exists in the policy console. The ID for each profile is returned in the profile_id field.
Example
Request
curl -b c.txt -c c.txt -X \
GET https://bc.qwe.com/mocana-app-control/rest/profile/catalog
Response
{
"message": "",
"profiles": [
{
"data": {
"profile_data": "{\"fontColor\":\"FFFFFF\",\"displaySecuredByBar\":\"1\",
\"backgroundImageBlobId\":\"5f0fbf85-a9ea-43e1-8871-078dce4b839d\",
\"secondaryBtnColor\":\"0191C5\",
\"backgroundColor\":\"0076A9\",\"primaryBtnColor\":\"00CC00\",
\"reset_logo_image\":\"1\",\"reset_bg_image\":\"0\"}",
"profile_data_id": "80015507-36f7-4af1-9e5e-c509535aa77f",
"profile_data_stamp": "2016-06-13 18:47:52.0"
},
"profile_desc": "",
"profile_id": "d312396c-26b4-4cf6-a270-16140b467889",
"profile_name": "test",
"profile_type": "app_customization",
"profile_url": "https://bc.qwe.com:443/mocana-app-control/rest/profile/d312396c-26b4-4cf6-a270-16140b467889"
},
(...)
],
"status": "OK"
}
Signing and securing the app
Once the app is uploaded and you have obtained the IDs for the policies and profiles, you can apply these policies and profiles by calling POST app-market/policy. Use the same API call to set signing options.
Securing an app involves these steps:
- Creating profiles for the policies you want to apply
- Choosing a code signing type and signing profile (Code signing (API))
- Securing the app with those policies and profiles, optionally code signing in the policy console (Securing an app (API))
- Downloading or exporting the app, optionally code signing outside the console (API Downloading and exporting apps)