To see all APIs available, refer to APIs section for each What is a module?.
All actions performed by IDEA web interface can also be triggered via HTTP APIs. APIs cover all modules such as creating IDEA users, submit a job or control virtual desktops.
IDEA provides a Swagger documentation available on the IDEA web interface under "Module Name" > "Settings" (example below for "eVDI" > "Settings")
User Authorization
TO be rewritten
API Authorization is available in 4 categories:
Public - As long as client has network access to the endpoint.
Authenticated User - The calling user must send a valid JWT token issued by the cluster’s Cognito User Pool
Manager - The user must be part of the managers Cognito User Group.
Administrator - The user must be part of the administrators Cognito User Group, in addition to the Sudoers LDAP Group.
API Samples
Auth.InitiateAuth (Using Username/Password)
InitiateAuth is a public API, that is used to authenticate the cluster user. The API may return the authentication result or challenges such as FORCE_RESET_PASSWORD, MFA challenge based configuration.
POST <CLUSTER_ALB_ENDPOINT>/cluster-manager/api/v1 HTTP/1.1Content-Type:application/json
Python (full example - get access token and query API)
Accounts.CreateUser namespace requires elevated access. Make sure to test this API with a user that belong to manager or cluster-admin groups (e.g: clusteradmin)
import requestsimport jsonimport sysIDEA_ENDPOINT ="HTTPS://<DNS>"IDEA_USER ="USER_WITH_ADMIN_PRIVILEGES"IDEA_PASSWORD ="PASSWORD"# Initiate Auth and retrieve Access Token## Prepare Payloadget_auth_data ={"header":{"namespace":"Auth.InitiateAuth"},"payload":{"auth_flow":"USER_PASSWORD_AUTH","username": IDEA_USER,"password": IDEA_PASSWORD}}## Prepare Headerget_auth_headers ={'Content-Type':'application/json'}## Submit request and retrieve access token get_auth_request = requests.post(f"{IDEA_ENDPOINT}/cluster-manager/api/v1", headers=get_auth_headers, data=json.dumps(get_auth_data), verify=False# in case you are using self-signed cert ).json()if get_auth_request['success']: access_token = get_auth_request['payload']['auth']['access_token']else: sys.exit(1)# Query API requiring elevated permissions (Create new user account)## Prepare Payloadcreate_user_data ={"header":{"namespace":"Accounts.CreateUser"},"payload":{"user":{"username":"testuser1","password":"p@sswordTest123","email":"invalid@email.none","sudo":False},"email_verified":True}}## Prepare Headerscreate_user_headers ={'Content-Type':'application/json','Authorization':f'Bearer {access_token}'}## Submit requestcreate_user_request = requests.post(f'{IDEA_ENDPOINT}/cluster-manager/api/v1', data=json.dumps(create_user_data), headers=create_user_headers, verify=False# in case you are using self-signed cert ).json()print(create_user_request)
