Managing policy profiles (API)

When you apply a policy to an app, you choose a profile that specifies the settings chosen for that policy. You can create as many profiles as you want. Profiles consist of parameters formatted as JSON strings.

Follow the link to each API resource mentioned here to get details and examples.

Accepted formats for specifying the profile

When supplying a profile for an API, you can usually use either of these formats:

• File: In a cURL command, specify the JSON file with @:

  browser_profile_data=@browser.json

• JSON string: As an inline string using a HTTP parameter, use curly braces to indicate the JSON-format string:

  browser_profile_data="{some-json-data}"

Creating and editing a policy profile with the REST API

• To create a new policy profile for most profiles, use POST profile, and specify the policy type. 
• To create a browser profile, use POST profile/mocana-browser/new. To update a browser profile, use POST profile/mocana-browser/{GUID}.
• To create a vpn profile for Secure Microtunnel, use POST app-policy/vpn-profile. To edit a Secure Microtunnel profile, use POST app-policy/vpn-profile and note that to keep parameter settings when editing an existing profile, pass all parameters previously provided in addition to any new settings.

When you create a policy profile, the console assigns the profile a GUID, which you use to refer to the profile in subsequent API calls.

Setting the default profile

To define a default profile for a policy type, use POST settings/{policytype}-default-profile. This profile is used when applying a policy to an app without specifying a profile.

Deleting a profile

Because a secured app can be associated with a profile after the profile has been deleted, the policy console keeps an archive of every profile that has been deleted. Deleted profiles cannot be used when securing apps.

• To remove a profile from the policy console, use DELETE profile/{GUID}. 

• To delete a browser profile, use DELETE profile/mocana-browser/{GUID}.

Retrieving profile info

• To retrieve details for a specific profile, use GET profile/{GUID}.
• To list all profiles in the policy console, use GET profile/catalog.
• To find policy profile details that have been applied to a given app, use GET app-market/{GUID} (with the app ID). This function returns an app_policies array, which includes meta information about each policy and profile applied to the app, including these IDs. For an explanation of profile and profile_data IDs, see Policy profile structure. 
  • Using the {policytype}_profile_id value, retrieve profile details with GET profile/{GUID}. This method only works for active profiles.
  • Using the policy_profile_data value, retrieve profile data details with GET profile/data/{profile_data_GUID}. This method works for both active and archived profiles.

Example: creating a profile

The following cURL command creates a Device Posture profile with a profile name, profile description, and the profile options in the data JSON structure. (See profile and Integrity and Posture profiles (API) for details.)

curl -k -v -L -b c.txt -c c.txt -X POST http://bc.qwe.com/mocana-app-control/rest/profile \
  -F name="TestProfile" \
  -F type="client_certs" \
  -F desc="Default Profile" \
  -F data="{\"clientCertsUrlMatchingRules\":[
    {\"host\":\"whitelisthostexc\",\"port\":\"9090\",\"action\":\"noCertificate\"},
    {\"host\":\"whitelisthost\",\"port\":\"1010\",\"action\":\"useEnrollmentCertificate\"}
    ]}"

This is an example of JSON-formatted data returned from GET profile/{GUID}:

{
  "message": "",
  "profiles": {
    "data": {
      "profile_data": "{\"clientCertsUrlMatchingRules\":[
        {\"host\":\"whitelisthostexc\",\"port\":\"9090\",\"action\":\"noCertificate\"},
        {\"host\":\"whitelisthost\",\"port\":\"1010\",\"action\":\"useEnrollmentCertificate\"}]}",
      "profile_data_id": "c6a3ed85-4af3-4962-ae0e-612caf1c8097",
      "profile_data_stamp": "2016-07-21 18:23:37.0"
    },
    "profile_desc": "Default Profile",
    "profile_id": "8e5d187f-717f-4caa-83fb-2011cffe5124",
    "profile_name": "TestProfile",
    "profile_type": "client_certs",
    "profile_url": "http://bc.qwe.com/mocana-app-control/rest/profile/8e5d187f-717f-4caa-83fb-2011cffe5264"
  },
  "status": "OK"
}

In the JSON response, notice that the policy console generates unique identifiers for the profile and profile data. See Policy profile structure for more information.

• profile_id: The console-generated unique identifier for a profile. Use this ID to modify or apply this profile.
• profile_data_id: The console-generated unique identifier for the profile data, which is valid whether the profile is active or archived.

For browser profiles, the console also generates unique identifiers for each icon used with Compass. See Browser Configuration profiles (API) for more information.

• icon_id: The console-generated unique identifier for a website icon (customized or default).
• launcher_icon_id: The console-generated identifier for the launcher icon.
• launcher_icon_url: The console-generated URL for the location of the launcher icon.

You cannot set the values for these console-generated IDs with POST profile, POST profile/mocana-browser/new, or POST app-policy/vpn-profile. The policy console sets the values for these parameters when a profile is created. However, you can modify the values for these parameters by updating the profiles. See each policy description for more information about updating profiles.