Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

Public API Specification

Welcome to the Flightdeck API by dope.security. Modify custom categories, get endpoint statuses, and more via API! Stay tuned for upcoming updates that will enhance the capabilities and features of this API.

For details on how to create API client credentials please see API Client Credentials.

Generate Flightdeck API access token

post

Use this API to generate an access token for use with the Flightdeck API. A valid access token returned from this API is required in all other Flightdeck API calls.

Token generation is based on the OAuth 2.0 Client Credentials Flow. The returned token is used within the HTTP Authorization header as follows:

Authorization: Bearer <access token>

Note:

  • The required client_id and client_secret are created by an admin via the dope console.

  • Returned access tokens are valid for a limited time period. Clients must check the expires_in value in the response to generate a new access token before the current one expires.

  • The OAuth scopes parameter is not supported and if provided will be ignored. The scopes returned in the access token are set directly by the authorization server.

Body
grant_typestring · enumRequired

The type of grant requested. You must set this to client_credentials

Possible values:
client_idstringRequired

Your application's Client ID.

client_secretstringRequired

Your application's Client Secret.

Responses
200

OK

application/json
access_tokenstringRequired

The new access token.

Example: eyJz93a...k4laUWw
token_typestring · enumRequired

The type of token returned.

Possible values:
expires_innumberRequired

The expiration time of the new access token in seconds.

Example: 3600
post
/partner/oauth/token

List and Search Endpoints

get

Use this API to get a list of all endpoints, or search for those matching a query parameter.

Note:

  • To return a list of all endpoints do not include any additional parameter.

  • Only one of the optional parameters is allowed to be specified per request.

  • Results are returned in pages using cursor based pagination and ordered by the lastSeen property.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Query parameters
idstringOptional

Broad search query across endpoints by device, user and email identities that contain this string (case-insensitive)

emailIdstringOptional

Search by email ids that contain this string (case-insensitive)

deviceNamestringOptional

Search by device names that contain this string (case-insensitive)

userIdstringOptional

Search by user ids that contain this string (case-insensitive). userId for OIDC users is usually their email address.

osVersionstringOptional

Filter by this exact device OS version string

fallbackModestring · enumOptional

Filter by the fallback mode

Possible values:
locationIdstringOptional

Filter by this exact location id - with an underscore separating the case sensitive city and country values e.g. "City_Country"

agentVersionstringOptional

Filter by this exact agent version

firstintegerOptional

An optional pagination param that states the number of records requested from the start of the cursor. The default value is 50.

Default: 50
afterstringOptional

An optional pagination cursor. Pass the endCursor from the previous response's pageInfo to fetch the next page. Check hasNextPage in the previous response's pageInfo to determine whether more records are available.

orderstring · enumOptional

The direction of the sort by the lastSeen property. The default is to sort by descending

Possible values:
Responses
200

OK

application/json
get
/endpoints/search

List Policies

get

Use this API to get a paginated list of all your policies, ordered by policy name.

Each item includes the policy name, last-modified timestamp, SSL inspection status, and the number of conflicting assignments.

The sslInspection field returns the effective value (enabled or disabled). If SSL inspection is not explicitly configured on a policy, the value is inherited from the Base Policy.

Results are returned in pages using cursor-based pagination.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Query parameters
firstintegerOptional

An optional pagination param that states the number of records requested from the start of the cursor. The default value is 50.

Default: 50
afterstringOptional

An optional pagination cursor. Pass the endCursor from the previous response's pageInfo to fetch the next page. Check hasNextPage in the previous response's pageInfo to determine whether more records are available.

orderstring · enumOptional

Sort order for policy names. Defaults to asc.

Default: ascPossible values:
Responses
200

OK

application/json
get
/policies

Create a Policy

post

Use this API to create a new policy.

Specify the name of the policy in the path parameter (policy_name).

If the policy already exists, a 400 error is returned.

Validation rules for policy_name:

  • Must not be empty or whitespace-only

  • Must not contain leading or trailing whitespace

  • Maximum length of 32 characters

  • Must not contain any of the following characters: # ! @ $ % ^ * ? . / \

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestring · min: 1 · max: 32Required

The name of the policy to create

Example: MarketingPattern: ^[^#!@$%^*?./\\]+$
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
post
/policies/{policy_name}

Delete a Policy

delete

Use this API to delete a custom policy by name. This removes the policy and unassigns all users and groups from the policy.

The Base Policy cannot be deleted.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to delete

Example: Engineering
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
delete
/policies/{policy_name}

Get Policy Content

get

Use this API to retrieve the entire content of a policy, including categories and custom categories.

When a policy inherits from the base policy, inheritsFromBase will be true and the content will reflect the base policy's settings.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to retrieve content for

Example: ExamplePolicy
Responses
200

OK

application/json
get
/policies/{policy_name}/content

Update Policy Content Restrictions

put

Use this API to update restrictions on dope and custom categories for a policy.

A single call may update restrictions on any combination of dope and custom categories. Only submitted categories will be updated - any category not included in the request will be left unchanged.

This API also resets categories back to inheriting from base. Both dope categories and custom categories inherit from base (and are reset) as a whole by sending {inheritsFromBase:true} in the payload.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to update restrictions for

Example: ExamplePolicy
Body

Request body for updating restrictions on dope and custom categories

Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
put
/policies/{policy_name}/content/restrictions

Update Policy Content Exceptions

put

Use this API to update user/group-level exceptions on dope and custom categories for a policy.

Exceptions are per-user/group overrides of a category's restriction. Each exception is keyed by the user or group identifier (e.g. email address) within a category.

A single request can update exceptions across multiple dope and custom categories. Categories not included in the request remain unchanged. For each category provided, the submitted exception set is treated as the complete source of truth and fully replaces any existing exceptions. Any existing entries not included in the request for that category will be removed. To remove all exceptions from a category, pass an empty object {} as its value.

All user and group identifiers are validated against the tenant directory. If any identifier cannot be resolved, the request fails with a 400 Bad Request, and the response includes details of the invalid entries.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to update exceptions for

Example: ExamplePolicy
Body

Request body for updating user/group exceptions on categories

Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
put
/policies/{policy_name}/content/exceptions

Get Policy Assignments

get

Use this API to get the users and groups assigned to a policy.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to get assignments for

Example: Engineering
Responses
200

OK

application/json
get
/policies/{policy_name}/assignments

Update Policy Assignments

put

Use this API to update the users and groups assigned to a policy.

Each provided field fully replaces that assignment list. Omitted fields are preserved. Send an empty array to unassign all users or groups.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to update assignments for

Example: Engineering
Body
usersstring[]Optional

User emails to assign. Omit to leave unchanged, send [] to unassign all.

groupsstring[]Optional

Group emails to assign. Omit to leave unchanged, send [] to unassign all.

Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
put
/policies/{policy_name}/assignments

Get URL Bypass

get

Use this API to get the URL bypass entries for a policy.

The response contains both admin-defined custom entries and dope-provided default entries with their per-entry toggle state.

When a policy inherits from the base policy, inheritsFromBase will be true and the custom and default entries will reflect the base policy's settings.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to retrieve the URL bypass for

Example: Engineering
Responses
200

OK

application/json
get
/policies/{policy_name}/bypass/urls

Upsert URL Bypass

put

Upsert custom URL bypass entries and/or update default URL bypass states for a policy.

Custom entries are matched by name: matching names are overwritten, unknown names are added. Unmentioned custom entries are preserved.

Default entries are matched by name: set state to ignored to suppress a default entry, or applied to re-enable it. Unknown default entry names are silently ignored.

Pass inheritsFromBase: true as the entire data payload to reset the policy to inherit all URL bypass configuration from the base policy (this drops all custom entries and default overrides for this policy).

Detaching from Base: If a policy inherits from the Base Policy (inheritsFromBase: true), sending custom or default entries will detach it. Base entries are not copied — include any you want to keep in the request. Once detached, further Base Policy changes will no longer propagate to this policy.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to update URL bypass entries for

Example: Marketing
Body
dataone ofRequired
or
Responses
200

URL bypass updated successfully

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
put
/policies/{policy_name}/bypass/urls

Delete Custom URL Bypass Entries

delete

Use this API to delete custom URL bypass entries from a policy by name.

The operation is idempotent — names that do not exist are silently ignored.

Policies that inherit URL bypass from the Base Policy cannot have custom URLs deleted.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to delete URL bypass entries from

Example: Engineering
Body
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
delete
/policies/{policy_name}/bypass/urls

Get Application Bypass

get

Use this API to get the application bypass entries for a policy.

The response contains both admin-defined custom entries and dope-provided default entries with their per-entry toggle state, split per platform (mac and windows).

When a policy inherits from the base policy, inheritsFromBase will be true and the custom and default entries will reflect the base policy's settings.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to retrieve the application bypass for

Example: Engineering
Responses
200

OK

application/json
get
/policies/{policy_name}/bypass/applications

Upsert Application Bypass

put

Upsert custom application bypass entries and/or update default application bypass states for a policy.

Custom entries are matched by name: matching names are overwritten, unknown names are added. Unmentioned custom entries are preserved.

Default entries are matched by name: set state to ignored to suppress a default entry, or applied to re-enable it. Unknown default entry names are silently ignored.

Pass inheritsFromBase: true as the entire data payload to reset the policy to inherit all application bypass configuration from the base policy (this drops all custom entries and default overrides for this policy).

Detaching from Base: If a policy inherits from the Base Policy (inheritsFromBase: true), sending custom or default entries will detach it. Base entries are not copied — include any you want to keep in the request. Once detached, further Base Policy changes will no longer propagate to this policy.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to update application bypass entries for

Example: Marketing
Body
dataone ofRequired
or
Responses
200

Application bypass updated successfully

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
put
/policies/{policy_name}/bypass/applications

Delete Custom Application Bypass Entries

delete

Use this API to delete custom application bypass entries from a policy by name.

The operation is idempotent — names that do not exist are silently ignored.

At least one of mac or windows must be provided.

Policies that inherit application bypass from the Base Policy cannot have custom applications deleted.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to delete application bypass entries from

Example: Engineering
Body
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
delete
/policies/{policy_name}/bypass/applications

Get SSL Inspection Configuration

get

Use this API to get the SSL inspection configuration for a policy.

The response returns sslInspection as an object containing the resolved state (always enabled or disabled) and inheritsFromBase indicating whether the policy inherits SSL inspection from the Base Policy.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to retrieve SSL inspection for

Example: Engineering
Responses
200

OK

application/json
get
/policies/{policy_name}/ssl-inspection

Update SSL Inspection Configuration

put

Use this API to update the SSL inspection configuration for a policy.

The request body must be either:

  • {"state": "enabled" | "disabled"} to set a custom state on this policy, OR

  • {"inheritsFromBase": true} to make this policy inherit SSL inspection from the Base Policy.

Exactly one of these two shapes is allowed. Anything else (extra fields, both fields, inheritsFromBase: false) returns 400. The Base Policy cannot inherit from itself; setting inheritsFromBase: true on the Base Policy returns 400.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
policy_namestringRequired

The name of the policy to update SSL inspection for

Example: Engineering
Body
Responses
200

SSL inspection updated successfully

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
put
/policies/{policy_name}/ssl-inspection

List Custom Categories

get

Use this API to get a paginated list of all custom categories.

Results are returned in pages using cursor based pagination.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Query parameters
firstintegerOptional

An optional pagination param that states the number of records requested from the start of the cursor. The default value is 50.

Default: 50
afterstringOptional

An optional pagination cursor. Pass the endCursor from the previous response's pageInfo to fetch the next page. Check hasNextPage in the previous response's pageInfo to determine whether more records are available.

Responses
200

OK

application/json
get
/custom_categories

Create a Custom Category

post

Use this API to create a new custom category.

Specify the name of the custom category in the path parameter (custom_category_name).

If the custom category already exists, a 400 error is returned.

Validation rules for custom_category_name:

  • Must not be empty or whitespace-only

  • Must not contain leading or trailing whitespace

  • Maximum length of 32 characters

  • Must not contain any of the following characters: # ! @ $ % ^ * ? . / \

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
custom_category_namestring · min: 1 · max: 32Required

The name of the custom category to create

Example: Streaming_Custom_CategoryPattern: ^[^#!@$%^*?./\\]+$
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
post
/custom_categories/{custom_category_name}

Delete a Custom Category

delete

Use this API to delete a single custom category by name. This action will remove the custom category and all of its associated data.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
custom_category_namestringRequired

The name of the custom category to delete

Example: Social Media
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
delete
/custom_categories/{custom_category_name}

List all URLs of a Custom Category

get

Use this API to get all URLs of an existing custom category.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
custom_category_namestringRequired

The name of the custom category to get URLs from

Responses
200

OK

application/json
get
/custom_categories/{custom_category_name}/urls

Add URLs to a Custom Category

post

Use this API to add URLs to an existing custom category.

Specify the name of the custom category in the path parameter (custom_category_name) and provide a JSON array of URLs in the request body.

Ensure that URLs are properly formatted and included in the array.

Please check the docs at https://inflight.dope.security for guidelines on URL formatting.

If any URL in the list is invalid, the entire request will be rejected. The 400 error response will include the list of invalid URLs in the error details.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
custom_category_namestringRequired

The name of the custom category to add URLs to

Body
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
post
/custom_categories/{custom_category_name}/urls

Overwrite all URLs of a Custom Category

put

Use this API to replace all existing URLs of a custom category with a new list of URLs.

Specify the name of the custom category in the path parameter (custom_category_name) and provide a JSON array of URLs in the request body. All existing URLs will be removed and replaced with the provided list.

Please check the docs at https://inflight.dope.security for guidelines on URL formatting.

If any URL in the list is invalid, the entire request will be rejected. The 400 error response will include the list of invalid URLs in the error details.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
custom_category_namestringRequired

The name of the custom category to overwrite URLs for

Example: AI-ML Chatbots
Body
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
put
/custom_categories/{custom_category_name}/urls

Delete All URLs from a Custom Category

delete

Use this API to delete all URLs from an existing custom category.

Specify the name of the custom category in the path parameter (custom_category_name).

This action will remove all URLs associated with the specified custom category.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
custom_category_namestringRequired

The name of the custom category to delete all URLs from

Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
delete
/custom_categories/{custom_category_name}/urls

Delete a specific URL from a Custom Category

delete

Use this API to delete a specific URL from an existing custom category.

Specify the name of the custom category in the path parameter (custom_category_name).

Ensure that a given URL is encoded using URL encoding.

Authorizations
AuthorizationstringRequired
Bearer authentication header of the form Bearer <token>.
Path parameters
custom_category_namestringRequired

The name of the custom category to delete given URL from

encoded_urlstringRequired

The URL to be deleted (Ensure that URLs are properly URL-encoded using the UTF8 encoding method)

Example: https%3A%2F%2Fdope.security
Responses
200

OK

application/json

A simple message response indicating a successful operation

messagestringRequired

Simple success message

Example: Success
delete
/custom_categories/{custom_category_name}/url/{encoded_url}
94KB
OpenAPIv112.yaml
Open
PreviousRelease Notes

Last updated