To see all APIs available, refer to APIs section for each Modules.
All actions performed by IDEA web interface can also be triggered via HTTP APIs. APIs cover all modules such as creating IDEA users, submit a job or control virtual desktops.
IDEA provides a Swagger documentation available on the IDEA web interface under "Module Name" > "Settings" (example below for "eVDI" > "Settings")
User Authorization
TO be rewritten
API Authorization is available in 4 categories:
Public - As long as client has network access to the endpoint.
Authenticated User - The calling user must send a valid JWT token issued by the cluster’s Cognito User Pool
Manager - The user must be part of the managers Cognito User Group.
Administrator - The user must be part of the administrators Cognito User Group, in addition to the Sudoers LDAP Group.
API Samples
Auth.InitiateAuth (Using Username/Password)
InitiateAuth is a public API, that is used to authenticate the cluster user. The API may return the authentication result or challenges such as FORCE_RESET_PASSWORD, MFA challenge based configuration.
POST <CLUSTER_ALB_ENDPOINT>/cluster-manager/api/v1 HTTP/1.1Content-Type:application/json
Python (full example - get access token and query API)
Accounts.CreateUser namespace requires elevated access. Make sure to test this API with a user that belong to manager or cluster-admin groups (e.g: clusteradmin)
import requestsimport jsonimport sysIDEA_ENDPOINT ="HTTPS://<DNS>"IDEA_USER ="USER_WITH_ADMIN_PRIVILEGES"IDEA_PASSWORD ="PASSWORD"# Initiate Auth and retrieve Access Token## Prepare Payloadget_auth_data ={"header":{"namespace":"Auth.InitiateAuth"},"payload":{"auth_flow":"USER_PASSWORD_AUTH","username": IDEA_USER,"password": IDEA_PASSWORD}}## Prepare Headerget_auth_headers ={'Content-Type':'application/json'}## Submit request and retrieve access token get_auth_request = requests.post(f"{IDEA_ENDPOINT}/cluster-manager/api/v1", headers=get_auth_headers, data=json.dumps(get_auth_data), verify=False# in case you are using self-signed cert ).json()if get_auth_request['success']: access_token = get_auth_request['payload']['auth']['access_token']else: sys.exit(1)# Query API requiring elevated permissions (Create new user account)## Prepare Payloadcreate_user_data ={"header":{"namespace":"Accounts.CreateUser"},"payload":{"user":{"username":"testuser1","password":"p@sswordTest123","email":"invalid@email.none","sudo":False},"email_verified":True}}## Prepare Headerscreate_user_headers ={'Content-Type':'application/json','Authorization':f'Bearer {access_token}'}## Submit requestcreate_user_request = requests.post(f'{IDEA_ENDPOINT}/cluster-manager/api/v1', data=json.dumps(create_user_data), headers=create_user_headers, verify=False# in case you are using self-signed cert ).json()print(create_user_request)