> For the complete documentation index, see [llms.txt](https://inflight.dope.security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://inflight.dope.security/dope.apis/public-api-specification.md). # Public API Specification Welcome to the Flightdeck API by `dope.security`. Modify custom categories, get endpoint statuses, and more via API! Stay tuned for upcoming updates that will enhance the capabilities and features of this API. For details on how to create API client credentials please see [API Client Credentials](/dope.console/settings/api-client-credentials.md). ## Generate Flightdeck API access token > Use this API to generate an access token for use with the Flightdeck API. A valid access token returned from\ > this API is required in all other Flightdeck API calls.\ > \ > Token generation is based on the OAuth 2.0 Client Credentials Flow. The returned token is used within the\ > HTTP Authorization header as follows:\ > \ > \`Authorization: Bearer \\`\ > \ > Note:\ > \- The required \`client\_id\` and \`client\_secret\` are created by an admin via the dope console.\ > \- Returned access tokens are valid for a limited time period. Clients must check the \`expires\_in\` value in\ > the response to generate a new access token before the current one expires.\ > \- The OAuth scopes parameter is not supported and if provided will be ignored. The scopes returned in the access\ > token are set directly by the authorization server.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Authorization","description":"Everything about authorizing calls to Flightdeck"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"paths":{"/partner/oauth/token":{"post":{"tags":["Authorization"],"summary":"Generate Flightdeck API access token","description":"Use this API to generate an access token for use with the Flightdeck API. A valid access token returned from\nthis API is required in all other Flightdeck API calls.\n\nToken generation is based on the OAuth 2.0 Client Credentials Flow. The returned token is used within the\nHTTP Authorization header as follows:\n\n`Authorization: Bearer `\n\nNote:\n- The required `client_id` and `client_secret` are created by an admin via the dope console.\n- Returned access tokens are valid for a limited time period. Clients must check the `expires_in` value in\nthe response to generate a new access token before the current one expires.\n- The OAuth scopes parameter is not supported and if provided will be ignored. The scopes returned in the access\ntoken are set directly by the authorization server.\n","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"grant_type":{"type":"string","description":"The type of grant requested. You must set this to `client_credentials`","enum":["client_credentials"]},"client_id":{"type":"string","description":"Your application's Client ID."},"client_secret":{"type":"string","description":"Your application's Client Secret."}},"required":["grant_type","client_id","client_secret"]}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"access_token":{"type":"string","description":"The new access token."},"token_type":{"type":"string","enum":["bearer"],"description":"The type of token returned."},"expires_in":{"type":"number","description":"The expiration time of the new access token in seconds."}},"required":["access_token","token_type","expires_in"]}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthError"}}}},"401":{"description":"Client not authorized","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthError"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/OAuthError"}}}}}}}},"components":{"schemas":{"OAuthError":{"type":"object","description":"The error response related OAuth tokens","properties":{"error":{"type":"string","description":"Specifies the OAuth error code string when the request for a token fails."}},"required":["error"]}}}} ``` ## List and Search Endpoints > Use this API to get a list of all endpoints, or search for those matching a query parameter.\ > \ > Note:\ > \- To return a list of all endpoints do not include any additional parameter.\ > \- Only one of the optional parameters is allowed to be specified per request.\ > \- Results are returned in pages using cursor based pagination and ordered by the \`lastSeen\` property.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Endpoints","description":"Everything about your endpoints"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"PaginationFirst":{"in":"query","name":"first","description":"An optional pagination param that states the number of records requested from the **start** of the `cursor`. The default value is **50**.","required":false,"schema":{"type":"integer","default":50}},"PaginationAfter":{"in":"query","name":"after","description":"An optional pagination cursor. Pass the `endCursor` from the previous response's `pageInfo` to fetch the next page. Check `hasNextPage` in the previous response's `pageInfo` to determine whether more records are available.","required":false,"schema":{"type":"string"}}},"schemas":{"PaginationResponse":{"type":"object","description":"Information about current and next page for cursor based pagination","properties":{"endCursor":{"type":"string","description":"Opaque string representing a cursor to the last record returned in the response. Used for requesting the next page."},"hasNextPage":{"type":"boolean","description":"indicates if there is another page of data to fetch or not"}},"required":["endCursor","hasNextPage"]},"Endpoint":{"type":"object","properties":{"adminSetState":{"$ref":"#/components/schemas/AdminSetState"},"agentUUID":{"type":"string","format":"uuid","description":"the unique id of the endpoint"},"userUUID":{"type":"string","format":"uuid","description":"the unique id of the active user on the endpoint"},"agentVersion":{"type":"string","description":"the current version of the endpoint"},"binaryType":{"type":"string","description":"type of ISA for computer processors"},"cityName":{"type":"string","description":"the name of the city where the endpoint is located"},"region":{"type":"string","description":"the name of the region where the endpoint is located"},"countryName":{"type":"string","description":"the name of the country where the endpoint is located"},"cpuFamily":{"type":"string","description":"the type of CPU on the device hosting the endpoint"},"debugState":{"type":"string","description":"indicates the debug state of the endpoint. 0 means not in debug, 1 means set to debug, 2 means acknowledged receipt of debug request"},"deviceName":{"type":"string","description":"the name of the device hosting the endpoint"},"disableMode":{"type":"boolean","description":"indicates if the endpoint is disabled or not"},"errorMessage":{"type":"string","description":"additional details regarding an error"},"fallbackMode":{"type":"boolean","description":"indicates if the endpoint is in fallback mode"},"configurationLastUpdated":{"type":"string","format":"date-time","description":"the date and time when the endpoint last updated the configuration"},"osVersion":{"type":"string","description":"Operating System version of the device"},"policyName":{"type":"string","description":"name of the policy that is being used by the endpoint"},"realtimeConnection":{"type":"boolean","description":"indicates if the endpoint has an active web-socket connection"},"status":{"type":"string","description":"the current operational status of the endpoint"},"lastSeen":{"type":"string","format":"date-time","description":"the date and time when the endpoint was last seen"},"userId":{"type":"string","description":"the user id of the user that is using the endpoint. `userId` for OIDC users is usually their email address."},"emailId":{"type":"string","description":"the email of the user that is using the endpoint"}}},"AdminSetState":{"type":"object","properties":{"enabled":{"type":"boolean","description":"Indicates if endpoint is set to enabled or not by the admin"},"timestamp":{"type":"string","format":"date-time","description":"The timestamp when the admin last set the state of the endpoint"}}},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/endpoints/search":{"get":{"summary":"List and Search Endpoints","description":"Use this API to get a list of all endpoints, or search for those matching a query parameter.\n\nNote:\n- To return a list of all endpoints do not include any additional parameter.\n- Only one of the optional parameters is allowed to be specified per request.\n- Results are returned in pages using cursor based pagination and ordered by the `lastSeen` property.\n","tags":["Endpoints"],"parameters":[{"in":"query","name":"id","description":"Broad search query across endpoints by device, user and email identities that contain this string (case-insensitive)","required":false,"schema":{"type":"string"}},{"in":"query","name":"emailId","description":"Search by email ids that contain this string (case-insensitive)","required":false,"schema":{"type":"string"}},{"in":"query","name":"deviceName","description":"Search by device names that contain this string (case-insensitive)","required":false,"schema":{"type":"string"}},{"in":"query","name":"userId","description":"Search by user ids that contain this string (case-insensitive). `userId` for OIDC users is usually their email address.","required":false,"schema":{"type":"string"}},{"in":"query","name":"osVersion","description":"Filter by this exact device OS version string","required":false,"schema":{"type":"string"}},{"in":"query","name":"status","description":"Filter by this exact set of status'","required":false,"schema":{"type":"array","items":{"type":"string","enum":["healthy","error","dormant","disabled"]}},"explode":false},{"in":"query","name":"debugState","description":"Filter by this exact set of debug states.\n0 means not in debug\n1 means debug request sent to endpoint\n2 means debug request acknowledged by endpoint\n","required":false,"schema":{"type":"array","items":{"type":"string","enum":["0","1","2"]}},"explode":false},{"in":"query","name":"fallbackMode","description":"Filter by the fallback mode","required":false,"schema":{"type":"string","enum":["true","false"]}},{"in":"query","name":"locationId","description":"Filter by this exact location id - with an underscore separating the case sensitive city and country values e.g. \"City_Country\"","required":false,"schema":{"type":"string"}},{"in":"query","name":"agentVersion","description":"Filter by this exact agent version","required":false,"schema":{"type":"string"}},{"$ref":"#/components/parameters/PaginationFirst"},{"$ref":"#/components/parameters/PaginationAfter"},{"in":"query","name":"order","description":"The direction of the sort by the `lastSeen` property. The default is to sort by descending","required":false,"schema":{"type":"string","enum":["desc","asc"]}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"pageInfo":{"$ref":"#/components/schemas/PaginationResponse"},"endpoints":{"type":"array","items":{"$ref":"#/components/schemas/Endpoint"}}}}}}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## List Policies > Use this API to get a paginated list of all your policies, ordered by policy name.\ > \ > Each item includes the policy name, last-modified timestamp, SSL inspection status, and\ > the number of conflicting assignments.\ > \ > The \`sslInspection\` field returns the effective value (\`enabled\` or \`disabled\`). If SSL\ > inspection is not explicitly configured on a policy, the value is inherited from the Base Policy.\ > \ > Results are returned in pages using cursor-based pagination.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"PaginationFirst":{"in":"query","name":"first","description":"An optional pagination param that states the number of records requested from the **start** of the `cursor`. The default value is **50**.","required":false,"schema":{"type":"integer","default":50}},"PaginationAfter":{"in":"query","name":"after","description":"An optional pagination cursor. Pass the `endCursor` from the previous response's `pageInfo` to fetch the next page. Check `hasNextPage` in the previous response's `pageInfo` to determine whether more records are available.","required":false,"schema":{"type":"string"}}},"schemas":{"Policy":{"type":"object","description":"Summary of a policy","properties":{"policyName":{"type":"string","description":"Unique name of the policy within the tenant"},"updatedAt":{"type":"string","format":"date-time","description":"ISO-8601 timestamp of the last policy modification"},"sslInspection":{"type":"string","enum":["enabled","disabled"],"description":"Effective SSL inspection status for this policy.\nIf SSL inspection is not explicitly configured on this policy, the value is\ninherited from the Base Policy.\n"},"clashCount":{"type":"integer","description":"Number of users/groups who have this policy as a conflicting assignment. Not present for the Base Policy."}},"required":["policyName","updatedAt","sslInspection"]},"PaginationResponse":{"type":"object","description":"Information about current and next page for cursor based pagination","properties":{"endCursor":{"type":"string","description":"Opaque string representing a cursor to the last record returned in the response. Used for requesting the next page."},"hasNextPage":{"type":"boolean","description":"indicates if there is another page of data to fetch or not"}},"required":["endCursor","hasNextPage"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies":{"get":{"summary":"List Policies","description":"Use this API to get a paginated list of all your policies, ordered by policy name.\n\nEach item includes the policy name, last-modified timestamp, SSL inspection status, and\nthe number of conflicting assignments.\n\nThe `sslInspection` field returns the effective value (`enabled` or `disabled`). If SSL\ninspection is not explicitly configured on a policy, the value is inherited from the Base Policy.\n\nResults are returned in pages using cursor-based pagination.\n","tags":["Policies"],"parameters":[{"$ref":"#/components/parameters/PaginationFirst"},{"$ref":"#/components/parameters/PaginationAfter"},{"in":"query","name":"order","description":"Sort order for policy names. Defaults to `asc`.","required":false,"schema":{"type":"string","enum":["asc","desc"],"default":"asc"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"policies":{"type":"array","items":{"$ref":"#/components/schemas/Policy"}},"pageInfo":{"$ref":"#/components/schemas/PaginationResponse"}},"required":["policies","pageInfo"]}},"required":["data"]}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Create a Policy > Use this API to create a new policy.\ > \ > Specify the name of the policy in the path parameter (\`policy\_name\`).\ > \ > If the policy already exists, a \`400\` error is returned.\ > \ > Validation rules for \`policy\_name\`:\ > \- Must not be empty or whitespace-only\ > \- Must not contain leading or trailing whitespace\ > \- Maximum length of 32 characters\ > \- Must not contain any of the following characters: \`# ! @ $ % ^ \* ? . / \\\`
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}":{"post":{"summary":"Create a Policy","description":"Use this API to create a new policy.\n\nSpecify the name of the policy in the path parameter (`policy_name`).\n\nIf the policy already exists, a `400` error is returned.\n\nValidation rules for `policy_name`:\n- Must not be empty or whitespace-only\n- Must not contain leading or trailing whitespace\n- Maximum length of 32 characters\n- Must not contain any of the following characters: `# ! @ $ % ^ * ? . / \\`\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to create","schema":{"type":"string","minLength":1,"maxLength":32,"pattern":"^[^#!@$%^*?./\\\\]+$"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request - invalid policy name or policy already exists","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Delete a Policy > Use this API to delete a custom policy by name.\ > This removes the policy and unassigns all users and groups from the policy.\ > \ > The Base Policy cannot be deleted.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}":{"delete":{"summary":"Delete a Policy","description":"Use this API to delete a custom policy by name.\nThis removes the policy and unassigns all users and groups from the policy.\n\nThe Base Policy cannot be deleted.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","description":"The name of the policy to delete","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request. Policy not found or attempted to delete Base Policy.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Get Policy Content > Use this API to retrieve the entire content of a policy, including\ > categories and custom categories.\ > \ > When a policy inherits from the base policy, \`inheritsFromBase\` will be \`true\`\ > and the content will reflect the base policy's settings.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"PolicyContentResponse":{"type":"object","properties":{"data":{"type":"object","properties":{"categories":{"$ref":"#/components/schemas/CategoryBlock"},"customCategories":{"$ref":"#/components/schemas/CustomCategoryBlock"}},"required":["categories","customCategories"]}},"required":["data"]},"CategoryBlock":{"type":"object","description":"Wrapper for category data with inheritance flag","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the categories are inherited from the base policy"},"restrictions":{"type":"object","description":"Category restrictions keyed by category name","additionalProperties":{"$ref":"#/components/schemas/CategorySettings"}}},"required":["inheritsFromBase","restrictions"]},"CategorySettings":{"type":"object","description":"Settings for a dope category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied when the category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"description":{"type":"string","description":"Category description"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]},"CategoryException":{"type":"object","description":"Per-entity override of a category restriction","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this entity"},"page":{"type":"string","description":"Optional block/warning page identifier"},"name":{"type":"string","description":"Human-readable entity name (returned on read APIs)"},"type":{"type":"string","enum":["users","groups"],"description":"Entity type (returned on read APIs)"}},"required":["restriction"]},"CustomCategoryBlock":{"type":"object","description":"Wrapper for custom category data with inheritance flag","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the custom categories are inherited from the base policy"},"restrictions":{"type":"object","description":"Custom category restrictions keyed by custom category name","additionalProperties":{"$ref":"#/components/schemas/CustomCategorySettings"}}},"required":["inheritsFromBase","restrictions"]},"CustomCategorySettings":{"type":"object","description":"Settings for a custom category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING","IGNORE"],"description":"The action applied when the custom category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/content":{"get":{"summary":"Get Policy Content","description":"Use this API to retrieve the entire content of a policy, including\ncategories and custom categories.\n\nWhen a policy inherits from the base policy, `inheritsFromBase` will be `true`\nand the content will reflect the base policy's settings.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to retrieve content for","schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyContentResponse"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Update Policy Content Restrictions > Use this API to update restrictions on dope and custom categories for a policy.\ > \ > A single call may update restrictions on any combination of dope\ > and custom categories. Only submitted categories will be updated -\ > any category not included in the request will be left unchanged.\ > \ > This API also resets categories back to inheriting from base.\ > Both dope categories and custom categories inherit from base\ > (and are reset) as a whole by sending \`{inheritsFromBase:true}\` in the payload.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"PolicyContentRestrictionsRequest":{"type":"object","description":"Request body for updating restrictions on dope and custom categories","properties":{"data":{"type":"object","properties":{"categories":{"oneOf":[{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CategoryRestrictionUpdate"}},{"$ref":"#/components/schemas/BaseInheritance"}],"description":"Restriction updates keyed by category name, or BaseInheritance to reset to base."},"customCategories":{"oneOf":[{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CustomCategoryRestrictionUpdate"}},{"$ref":"#/components/schemas/BaseInheritance"}],"description":"Restriction updates keyed by custom category name, or BaseInheritance to reset to base."}}}},"required":["data"]},"CategoryRestrictionUpdate":{"type":"object","description":"Category restriction settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"Action applied when the category is matched"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]},"BaseInheritance":{"type":"object","description":"Signals that settings are inherited from the base policy","properties":{"inheritsFromBase":{"type":"boolean","enum":[true],"description":"Always `true`. Signals that settings are inherited from the base policy."}},"required":["inheritsFromBase"]},"CustomCategoryRestrictionUpdate":{"type":"object","description":"Custom category restriction settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING","IGNORE"],"description":"Custom categories can be ignored, in addition to regular restrictions"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]},"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/content/restrictions":{"put":{"summary":"Update Policy Content Restrictions","description":"Use this API to update restrictions on dope and custom categories for a policy.\n\nA single call may update restrictions on any combination of dope\nand custom categories. Only submitted categories will be updated -\nany category not included in the request will be left unchanged.\n\nThis API also resets categories back to inheriting from base.\nBoth dope categories and custom categories inherit from base\n(and are reset) as a whole by sending `{inheritsFromBase:true}` in the payload.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to update restrictions for","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyContentRestrictionsRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Update Policy Content Exceptions > Use this API to update user/group-level exceptions on dope and custom categories for a policy.\ > \ > Exceptions are per-user/group overrides of a category's restriction.\ > Each exception is keyed by the user or group identifier (e.g. email address) within a category.\ > \ > A single request can update exceptions across multiple dope and custom categories.\ > Categories not included in the request remain unchanged. For each category provided, the submitted\ > exception set is treated as the complete source of truth and fully replaces any existing exceptions.\ > Any existing entries not included in the request for that category will be removed.\ > To remove all exceptions from a category, pass an empty object \`{}\` as its value.\ > \ > All user and group identifiers are validated against the tenant directory.\ > If any identifier cannot be resolved, the request fails with a \`400 Bad Request\`,\ > and the response includes details of the invalid entries.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"PolicyContentExceptionsRequest":{"type":"object","description":"Request body for updating user/group exceptions on categories","properties":{"data":{"type":"object","properties":{"categories":{"type":"object","description":"Exception updates keyed first by category name, then by user or group identifier.","additionalProperties":{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CategoryExceptionUpdate"}}},"customCategories":{"type":"object","description":"Exception updates keyed first by custom category name, then by user or group identifier.","additionalProperties":{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CategoryExceptionUpdate"}}}}}},"required":["data"]},"CategoryExceptionUpdate":{"type":"object","description":"Exception settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this user or group"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]},"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/content/exceptions":{"put":{"summary":"Update Policy Content Exceptions","description":"Use this API to update user/group-level exceptions on dope and custom categories for a policy.\n\nExceptions are per-user/group overrides of a category's restriction.\nEach exception is keyed by the user or group identifier (e.g. email address) within a category.\n\nA single request can update exceptions across multiple dope and custom categories.\nCategories not included in the request remain unchanged. For each category provided, the submitted\nexception set is treated as the complete source of truth and fully replaces any existing exceptions.\nAny existing entries not included in the request for that category will be removed.\nTo remove all exceptions from a category, pass an empty object `{}` as its value.\n\nAll user and group identifiers are validated against the tenant directory.\nIf any identifier cannot be resolved, the request fails with a `400 Bad Request`,\nand the response includes details of the invalid entries.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to update exceptions for","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PolicyContentExceptionsRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Get Policy Assignments > Use this API to get the users and groups assigned to a policy.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"AssignedUser":{"type":"object","description":"A user assigned to a policy","properties":{"email":{"type":"string","description":"Email address of the assigned user"},"name":{"type":"string","description":"Display name of the assigned user"}},"required":["email","name"]},"AssignedGroup":{"type":"object","description":"A group assigned to a policy","properties":{"email":{"type":"string","description":"Email address of the assigned group"},"name":{"type":"string","description":"Display name of the assigned group"},"membersCount":{"type":"integer","description":"Number of members in the group"}},"required":["email","name","membersCount"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/assignments":{"get":{"summary":"Get Policy Assignments","description":"Use this API to get the users and groups assigned to a policy.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to get assignments for","schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"users":{"type":"array","items":{"$ref":"#/components/schemas/AssignedUser"}},"groups":{"type":"array","items":{"$ref":"#/components/schemas/AssignedGroup"}}},"required":["users","groups"]}},"required":["data"]}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Update Policy Assignments > Use this API to update the users and groups assigned to a policy.\ > \ > Each provided field fully replaces that assignment list. Omitted fields are preserved.\ > Send an empty array to unassign all users or groups.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/assignments":{"put":{"summary":"Update Policy Assignments","description":"Use this API to update the users and groups assigned to a policy.\n\nEach provided field fully replaces that assignment list. Omitted fields are preserved.\nSend an empty array to unassign all users or groups.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to update assignments for","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"users":{"type":"array","description":"User emails to assign. Omit to leave unchanged, send [] to unassign all.","items":{"type":"string"}},"groups":{"type":"array","description":"Group emails to assign. Omit to leave unchanged, send [] to unassign all.","items":{"type":"string"}}}}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Get URL Bypass > Use this API to get the URL bypass entries for a policy.\ > \ > The response contains both admin-defined \`custom\` entries and dope-provided\ > \`default\` entries with their per-entry toggle state.\ > \ > When a policy inherits from the base policy, \`inheritsFromBase\` will be \`true\`\ > and the \`custom\` and \`default\` entries will reflect the base policy's settings.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"CustomBypassItem":{"type":"object","description":"A custom application bypass entry defined by the admin","properties":{"name":{"type":"string","description":"The application name being bypassed"},"note":{"type":"string","maxLength":256,"description":"Note about this bypass entry"},"updatedBy":{"type":"string","description":"The user who last updated this entry"},"updatedAt":{"type":"string","format":"date-time","description":"ISO-8601 timestamp when this entry was last updated"}},"required":["name","note"]},"DefaultBypassItem":{"type":"object","description":"A read-only bypass entry pre-configured by Dope Security. Default entries cannot be\ncreated or deleted, but partners can set their state to ignored to prevent them from\nbeing enforced.\n","properties":{"name":{"type":"string","description":"The name of the default bypass entry (application name or URL pattern)"},"state":{"type":"string","enum":["applied","ignored"],"description":"Whether this default entry is applied or ignored for the policy"}},"required":["name","state"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/bypass/urls":{"get":{"summary":"Get URL Bypass","description":"Use this API to get the URL bypass entries for a policy.\n\nThe response contains both admin-defined `custom` entries and dope-provided\n`default` entries with their per-entry toggle state.\n\nWhen a policy inherits from the base policy, `inheritsFromBase` will be `true`\nand the `custom` and `default` entries will reflect the base policy's settings.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to retrieve the URL bypass for","schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the URL bypass configuration is inherited from the base policy"},"custom":{"type":"array","description":"Custom URL bypass entries defined by the admin","items":{"$ref":"#/components/schemas/CustomBypassItem"}},"default":{"type":"array","description":"Default URL bypass entries with their toggle states","items":{"$ref":"#/components/schemas/DefaultBypassItem"}}},"required":["inheritsFromBase","custom","default"]}},"required":["data"]}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Upsert URL Bypass > Upsert custom URL bypass entries and/or update default URL bypass states for a policy.\ > \ > \*\*Custom entries\*\* are matched by name: matching names are overwritten, unknown names are added.\ > Unmentioned custom entries are preserved.\ > \ > \*\*Default entries\*\* are matched by name: set \`state\` to \`ignored\` to suppress a default entry,\ > or \`applied\` to re-enable it. Unknown default entry names are silently ignored.\ > \ > Pass \`inheritsFromBase: true\` as the entire \`data\` payload to reset the policy to inherit\ > all URL bypass configuration from the base policy (this drops all custom entries and default\ > overrides for this policy).\ > \ > \*\*Detaching from Base\*\*: If a policy inherits from the Base Policy (\`inheritsFromBase: true\`),\ > sending \`custom\` or \`default\` entries will detach it. Base entries are not copied — include any\ > you want to keep in the request. Once detached, further Base Policy changes will no longer\ > propagate to this policy.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"BaseInheritance":{"type":"object","description":"Signals that settings are inherited from the base policy","properties":{"inheritsFromBase":{"type":"boolean","enum":[true],"description":"Always `true`. Signals that settings are inherited from the base policy."}},"required":["inheritsFromBase"]},"UrlBypassUpdateBody":{"type":"object","description":"Payload for upserting URL bypass entries. At least one of `custom` or `default` must be provided. Unmentioned custom entries are preserved. Unknown default entry names are silently ignored.\n","properties":{"custom":{"type":"array","description":"Custom URL entries to upsert (matched by name).","items":{"$ref":"#/components/schemas/CustomBypassRequestItem"}},"default":{"type":"array","description":"Default URL entries with updated toggle states (matched by name).","items":{"$ref":"#/components/schemas/DefaultBypassItem"}}}},"CustomBypassRequestItem":{"type":"object","description":"A custom bypass entry for write operations.","properties":{"name":{"type":"string","maxLength":256,"description":"The name of the entity to bypass (application name or URL pattern)"},"note":{"type":"string","maxLength":256,"description":"Optional note about this bypass entry"}},"required":["name"]},"DefaultBypassItem":{"type":"object","description":"A read-only bypass entry pre-configured by Dope Security. Default entries cannot be\ncreated or deleted, but partners can set their state to ignored to prevent them from\nbeing enforced.\n","properties":{"name":{"type":"string","description":"The name of the default bypass entry (application name or URL pattern)"},"state":{"type":"string","enum":["applied","ignored"],"description":"Whether this default entry is applied or ignored for the policy"}},"required":["name","state"]},"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/bypass/urls":{"put":{"summary":"Upsert URL Bypass","description":"Upsert custom URL bypass entries and/or update default URL bypass states for a policy.\n\n**Custom entries** are matched by name: matching names are overwritten, unknown names are added.\nUnmentioned custom entries are preserved.\n\n**Default entries** are matched by name: set `state` to `ignored` to suppress a default entry,\nor `applied` to re-enable it. Unknown default entry names are silently ignored.\n\nPass `inheritsFromBase: true` as the entire `data` payload to reset the policy to inherit\nall URL bypass configuration from the base policy (this drops all custom entries and default\noverrides for this policy).\n\n**Detaching from Base**: If a policy inherits from the Base Policy (`inheritsFromBase: true`),\nsending `custom` or `default` entries will detach it. Base entries are not copied — include any\nyou want to keep in the request. Once detached, further Base Policy changes will no longer\npropagate to this policy.\n","operationId":"upsertUrlBypass","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to update URL bypass entries for","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["data"],"properties":{"data":{"oneOf":[{"$ref":"#/components/schemas/BaseInheritance"},{"$ref":"#/components/schemas/UrlBypassUpdateBody"}]}}}}}},"responses":{"200":{"description":"URL bypass updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request or policy not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"401":{"description":"Unauthorized — missing or invalid bearer token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Delete Custom URL Bypass Entries > Use this API to delete custom URL bypass entries from a policy by name.\ > \ > The operation is idempotent — names that do not exist are silently ignored.\ > \ > Policies that inherit URL bypass from the Base Policy cannot have custom URLs deleted.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/bypass/urls":{"delete":{"summary":"Delete Custom URL Bypass Entries","description":"Use this API to delete custom URL bypass entries from a policy by name.\n\nThe operation is idempotent — names that do not exist are silently ignored.\n\nPolicies that inherit URL bypass from the Base Policy cannot have custom URLs deleted.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to delete URL bypass entries from","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"custom":{"type":"object","properties":{"urls":{"type":"array","items":{"type":"string"},"description":"List of URL names to delete"}},"required":["urls"]}},"required":["custom"]}},"required":["data"]}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request. Policy not found or policy inherits URL bypass from Base Policy.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Get Application Bypass > Use this API to get the application bypass entries for a policy.\ > \ > The response contains both admin-defined \`custom\` entries and dope-provided\ > \`default\` entries with their per-entry toggle state, split per platform\ > (\`mac\` and \`windows\`).\ > \ > When a policy inherits from the base policy, \`inheritsFromBase\` will be \`true\`\ > and the \`custom\` and \`default\` entries will reflect the base policy's settings.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"CustomBypassItem":{"type":"object","description":"A custom application bypass entry defined by the admin","properties":{"name":{"type":"string","description":"The application name being bypassed"},"note":{"type":"string","maxLength":256,"description":"Note about this bypass entry"},"updatedBy":{"type":"string","description":"The user who last updated this entry"},"updatedAt":{"type":"string","format":"date-time","description":"ISO-8601 timestamp when this entry was last updated"}},"required":["name","note"]},"DefaultBypassItem":{"type":"object","description":"A read-only bypass entry pre-configured by Dope Security. Default entries cannot be\ncreated or deleted, but partners can set their state to ignored to prevent them from\nbeing enforced.\n","properties":{"name":{"type":"string","description":"The name of the default bypass entry (application name or URL pattern)"},"state":{"type":"string","enum":["applied","ignored"],"description":"Whether this default entry is applied or ignored for the policy"}},"required":["name","state"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/bypass/applications":{"get":{"summary":"Get Application Bypass","description":"Use this API to get the application bypass entries for a policy.\n\nThe response contains both admin-defined `custom` entries and dope-provided\n`default` entries with their per-entry toggle state, split per platform\n(`mac` and `windows`).\n\nWhen a policy inherits from the base policy, `inheritsFromBase` will be `true`\nand the `custom` and `default` entries will reflect the base policy's settings.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to retrieve the application bypass for","schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the application bypass configuration is inherited from the base policy"},"custom":{"type":"object","description":"Custom application bypass entries defined by the admin","properties":{"mac":{"type":"array","description":"Custom bypass apps on macOS","items":{"$ref":"#/components/schemas/CustomBypassItem"}},"windows":{"type":"array","description":"Custom bypass apps on Windows","items":{"$ref":"#/components/schemas/CustomBypassItem"}}},"required":["mac","windows"]},"default":{"type":"object","description":"Default application bypass entries with their toggle states","properties":{"mac":{"type":"array","description":"Default bypass apps on macOS","items":{"$ref":"#/components/schemas/DefaultBypassItem"}},"windows":{"type":"array","description":"Default bypass apps on Windows","items":{"$ref":"#/components/schemas/DefaultBypassItem"}}},"required":["mac","windows"]}},"required":["inheritsFromBase","custom","default"]}},"required":["data"]}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Upsert Application Bypass > Upsert custom application bypass entries and/or update default application bypass states for a policy.\ > \ > \*\*Custom entries\*\* are matched by name: matching names are overwritten, unknown names are added.\ > Unmentioned custom entries are preserved.\ > \ > \*\*Default entries\*\* are matched by name: set \`state\` to \`ignored\` to suppress a default entry,\ > or \`applied\` to re-enable it. Unknown default entry names are silently ignored.\ > \ > Pass \`inheritsFromBase: true\` as the entire \`data\` payload to reset the policy to inherit\ > all application bypass configuration from the base policy (this drops all custom entries and default\ > overrides for this policy).\ > \ > \*\*Detaching from Base\*\*: If a policy inherits from the Base Policy (\`inheritsFromBase: true\`),\ > sending \`custom\` or \`default\` entries will detach it. Base entries are not copied — include any\ > you want to keep in the request. Once detached, further Base Policy changes will no longer\ > propagate to this policy.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"BaseInheritance":{"type":"object","description":"Signals that settings are inherited from the base policy","properties":{"inheritsFromBase":{"type":"boolean","enum":[true],"description":"Always `true`. Signals that settings are inherited from the base policy."}},"required":["inheritsFromBase"]},"ApplicationBypassUpdateBody":{"type":"object","description":"Payload for upserting application bypass entries. At least one of `custom` or `default` must be provided. Under each, at least one of `mac` or `windows` must be provided. Unmentioned custom entries are preserved. Unknown default entry names are silently ignored.\n","properties":{"custom":{"type":"object","description":"Custom application entries to upsert (matched by name), keyed by platform.","properties":{"mac":{"type":"array","description":"Custom bypass apps on macOS.","items":{"$ref":"#/components/schemas/CustomBypassRequestItem"}},"windows":{"type":"array","description":"Custom bypass apps on Windows.","items":{"$ref":"#/components/schemas/CustomBypassRequestItem"}}}},"default":{"type":"object","description":"Default application entries with updated toggle states (matched by name), keyed by platform.","properties":{"mac":{"type":"array","description":"Default bypass apps on macOS.","items":{"$ref":"#/components/schemas/DefaultBypassItem"}},"windows":{"type":"array","description":"Default bypass apps on Windows.","items":{"$ref":"#/components/schemas/DefaultBypassItem"}}}}}},"CustomBypassRequestItem":{"type":"object","description":"A custom bypass entry for write operations.","properties":{"name":{"type":"string","maxLength":256,"description":"The name of the entity to bypass (application name or URL pattern)"},"note":{"type":"string","maxLength":256,"description":"Optional note about this bypass entry"}},"required":["name"]},"DefaultBypassItem":{"type":"object","description":"A read-only bypass entry pre-configured by Dope Security. Default entries cannot be\ncreated or deleted, but partners can set their state to ignored to prevent them from\nbeing enforced.\n","properties":{"name":{"type":"string","description":"The name of the default bypass entry (application name or URL pattern)"},"state":{"type":"string","enum":["applied","ignored"],"description":"Whether this default entry is applied or ignored for the policy"}},"required":["name","state"]},"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/bypass/applications":{"put":{"summary":"Upsert Application Bypass","description":"Upsert custom application bypass entries and/or update default application bypass states for a policy.\n\n**Custom entries** are matched by name: matching names are overwritten, unknown names are added.\nUnmentioned custom entries are preserved.\n\n**Default entries** are matched by name: set `state` to `ignored` to suppress a default entry,\nor `applied` to re-enable it. Unknown default entry names are silently ignored.\n\nPass `inheritsFromBase: true` as the entire `data` payload to reset the policy to inherit\nall application bypass configuration from the base policy (this drops all custom entries and default\noverrides for this policy).\n\n**Detaching from Base**: If a policy inherits from the Base Policy (`inheritsFromBase: true`),\nsending `custom` or `default` entries will detach it. Base entries are not copied — include any\nyou want to keep in the request. Once detached, further Base Policy changes will no longer\npropagate to this policy.\n","operationId":"upsertApplicationBypass","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to update application bypass entries for","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["data"],"properties":{"data":{"oneOf":[{"$ref":"#/components/schemas/BaseInheritance"},{"$ref":"#/components/schemas/ApplicationBypassUpdateBody"}]}}}}}},"responses":{"200":{"description":"Application bypass updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request or policy not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"401":{"description":"Unauthorized — missing or invalid bearer token","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Delete Custom Application Bypass Entries > Use this API to delete custom application bypass entries from a policy by name.\ > \ > The operation is idempotent — names that do not exist are silently ignored.\ > \ > At least one of \`mac\` or \`windows\` must be provided.\ > \ > Policies that inherit application bypass from the Base Policy cannot have custom applications deleted.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/bypass/applications":{"delete":{"summary":"Delete Custom Application Bypass Entries","description":"Use this API to delete custom application bypass entries from a policy by name.\n\nThe operation is idempotent — names that do not exist are silently ignored.\n\nAt least one of `mac` or `windows` must be provided.\n\nPolicies that inherit application bypass from the Base Policy cannot have custom applications deleted.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to delete application bypass entries from","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"custom":{"type":"object","properties":{"mac":{"type":"array","items":{"type":"string"},"description":"List of macOS application names to delete"},"windows":{"type":"array","items":{"type":"string"},"description":"List of Windows application names to delete"}}}},"required":["custom"]}},"required":["data"]}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request. Policy not found, validation error, or policy inherits application bypass from Base Policy.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Get SSL Inspection Configuration > Use this API to get the SSL inspection configuration for a policy.\ > \ > The response returns \`sslInspection\` as an object containing the resolved\ > \`state\` (always \`enabled\` or \`disabled\`) and \`inheritsFromBase\` indicating\ > whether the policy inherits SSL inspection from the Base Policy.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SslInspectionResponse":{"description":"SSL inspection configuration for a policy.","allOf":[{"$ref":"#/components/schemas/SslInspectionStateBody"},{"type":"object","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether SSL inspection is inherited from the Base Policy."}},"required":["inheritsFromBase"]}]},"SslInspectionStateBody":{"type":"object","description":"Set a custom SSL inspection state on a policy.","properties":{"state":{"type":"string","enum":["enabled","disabled"],"description":"The state of SSL inspection for this policy."}},"required":["state"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/ssl-inspection":{"get":{"summary":"Get SSL Inspection Configuration","description":"Use this API to get the SSL inspection configuration for a policy.\n\nThe response returns `sslInspection` as an object containing the resolved\n`state` (always `enabled` or `disabled`) and `inheritsFromBase` indicating\nwhether the policy inherits SSL inspection from the Base Policy.\n","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to retrieve SSL inspection for","schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"sslInspection":{"$ref":"#/components/schemas/SslInspectionResponse"}},"required":["sslInspection"]}},"required":["data"]}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Update SSL Inspection Configuration > Use this API to update the SSL inspection configuration for a policy.\ > \ > The request body must be either:\ > \- \`{"state": "enabled" | "disabled"}\` to set a custom state on this policy, OR\ > \- \`{"inheritsFromBase": true}\` to make this policy inherit SSL inspection from the Base Policy.\ > \ > Exactly one of these two shapes is allowed. Anything else (extra fields,\ > both fields, \`inheritsFromBase: false\`) returns \`400\`. The Base Policy\ > cannot inherit from itself; setting \`inheritsFromBase: true\` on the Base\ > Policy returns \`400\`.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Policies","description":"Everything about your Policies"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SslInspectionStateBody":{"type":"object","description":"Set a custom SSL inspection state on a policy.","properties":{"state":{"type":"string","enum":["enabled","disabled"],"description":"The state of SSL inspection for this policy."}},"required":["state"]},"BaseInheritance":{"type":"object","description":"Signals that settings are inherited from the base policy","properties":{"inheritsFromBase":{"type":"boolean","enum":[true],"description":"Always `true`. Signals that settings are inherited from the base policy."}},"required":["inheritsFromBase"]},"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/policies/{policy_name}/ssl-inspection":{"put":{"summary":"Update SSL Inspection Configuration","description":"Use this API to update the SSL inspection configuration for a policy.\n\nThe request body must be either:\n- `{\"state\": \"enabled\" | \"disabled\"}` to set a custom state on this policy, OR\n- `{\"inheritsFromBase\": true}` to make this policy inherit SSL inspection from the Base Policy.\n\nExactly one of these two shapes is allowed. Anything else (extra fields,\nboth fields, `inheritsFromBase: false`) returns `400`. The Base Policy\ncannot inherit from itself; setting `inheritsFromBase: true` on the Base\nPolicy returns `400`.\n","operationId":"updateSslInspection","tags":["Policies"],"parameters":[{"in":"path","name":"policy_name","required":true,"description":"The name of the policy to update SSL inspection for","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["data"],"properties":{"data":{"type":"object","properties":{"sslInspection":{"oneOf":[{"$ref":"#/components/schemas/SslInspectionStateBody"},{"$ref":"#/components/schemas/BaseInheritance"}]}},"required":["sslInspection"]}}}}}},"responses":{"200":{"description":"SSL inspection updated successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request or policy not found","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## List Custom Categories > Use this API to get a paginated list of all custom categories.\ > \ > Results are returned in pages using cursor based pagination.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"parameters":{"PaginationFirst":{"in":"query","name":"first","description":"An optional pagination param that states the number of records requested from the **start** of the `cursor`. The default value is **50**.","required":false,"schema":{"type":"integer","default":50}},"PaginationAfter":{"in":"query","name":"after","description":"An optional pagination cursor. Pass the `endCursor` from the previous response's `pageInfo` to fetch the next page. Check `hasNextPage` in the previous response's `pageInfo` to determine whether more records are available.","required":false,"schema":{"type":"string"}}},"schemas":{"PaginationResponse":{"type":"object","description":"Information about current and next page for cursor based pagination","properties":{"endCursor":{"type":"string","description":"Opaque string representing a cursor to the last record returned in the response. Used for requesting the next page."},"hasNextPage":{"type":"boolean","description":"indicates if there is another page of data to fetch or not"}},"required":["endCursor","hasNextPage"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories":{"get":{"summary":"List Custom Categories","description":"Use this API to get a paginated list of all custom categories.\n\nResults are returned in pages using cursor based pagination.\n","tags":["Custom Categories"],"parameters":[{"$ref":"#/components/parameters/PaginationFirst"},{"$ref":"#/components/parameters/PaginationAfter"}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"pageInfo":{"$ref":"#/components/schemas/PaginationResponse"},"customCategories":{"type":"array","items":{"type":"string"}}},"required":["pageInfo","customCategories"]}},"required":["data"]}}}},"403":{"description":"Access denied","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Create a Custom Category > Use this API to create a new custom category.\ > \ > Specify the name of the custom category in the path parameter (\`custom\_category\_name\`).\ > \ > If the custom category already exists, a \`400\` error is returned.\ > \ > Validation rules for \`custom\_category\_name\`:\ > \- Must not be empty or whitespace-only\ > \- Must not contain leading or trailing whitespace\ > \- Maximum length of 32 characters\ > \- Must not contain any of the following characters: \`# ! @ $ % ^ \* ? . / \\\`
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories/{custom_category_name}":{"post":{"summary":"Create a Custom Category","description":"Use this API to create a new custom category.\n\nSpecify the name of the custom category in the path parameter (`custom_category_name`).\n\nIf the custom category already exists, a `400` error is returned.\n\nValidation rules for `custom_category_name`:\n- Must not be empty or whitespace-only\n- Must not contain leading or trailing whitespace\n- Maximum length of 32 characters\n- Must not contain any of the following characters: `# ! @ $ % ^ * ? . / \\`\n","tags":["Custom Categories"],"parameters":[{"in":"path","name":"custom_category_name","required":true,"description":"The name of the custom category to create","schema":{"type":"string","minLength":1,"maxLength":32,"pattern":"^[^#!@$%^*?./\\\\]+$"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request - invalid custom category name or custom category already exists","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Delete a Custom Category > Use this API to delete a single custom category by name.\ > This action will remove the custom category and all of its associated data.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories/{custom_category_name}":{"delete":{"summary":"Delete a Custom Category","description":"Use this API to delete a single custom category by name.\nThis action will remove the custom category and all of its associated data.\n","tags":["Custom Categories"],"parameters":[{"in":"path","name":"custom_category_name","description":"The name of the custom category to delete","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## List all URLs of a Custom Category > Use this API to get all URLs of an existing custom category.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories/{custom_category_name}/urls":{"get":{"summary":"List all URLs of a Custom Category","description":"Use this API to get all URLs of an existing custom category.\n","tags":["Custom Categories"],"parameters":[{"in":"path","name":"custom_category_name","required":true,"description":"The name of the custom category to get URLs from","schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"urls":{"type":"array","items":{"type":"string"}}},"required":["urls"]}},"required":["data"]}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Add URLs to a Custom Category > Use this API to add URLs to an existing custom category.\ > \ > Specify the name of the custom category in the path parameter (\`custom\_category\_name\`)\ > and provide a JSON array of URLs in the request body.\ > \ > Ensure that URLs are properly formatted and included in the array.\ > \ > Please check the docs at for guidelines on URL formatting.\ > \ > If any URL in the list is invalid, the entire request will be rejected.\ > The 400 error response will include the list of invalid URLs in the error details.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories/{custom_category_name}/urls":{"post":{"summary":"Add URLs to a Custom Category","description":"Use this API to add URLs to an existing custom category.\n\nSpecify the name of the custom category in the path parameter (`custom_category_name`)\nand provide a JSON array of URLs in the request body.\n\nEnsure that URLs are properly formatted and included in the array.\n\nPlease check the docs at https://inflight.dope.security for guidelines on URL formatting.\n\nIf any URL in the list is invalid, the entire request will be rejected.\nThe 400 error response will include the list of invalid URLs in the error details.\n","tags":["Custom Categories"],"parameters":[{"in":"path","name":"custom_category_name","required":true,"description":"The name of the custom category to add URLs to","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"urls":{"type":"array","items":{"type":"string"}}}}}}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Overwrite all URLs of a Custom Category > Use this API to replace all existing URLs of a custom category with a new list of URLs.\ > \ > Specify the name of the custom category in the path parameter (\`custom\_category\_name\`)\ > and provide a JSON array of URLs in the request body. All existing URLs will be removed\ > and replaced with the provided list.\ > \ > Please check the docs at for guidelines on URL formatting.\ > \ > If any URL in the list is invalid, the entire request will be rejected.\ > The 400 error response will include the list of invalid URLs in the error details.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories/{custom_category_name}/urls":{"put":{"summary":"Overwrite all URLs of a Custom Category","description":"Use this API to replace all existing URLs of a custom category with a new list of URLs.\n\nSpecify the name of the custom category in the path parameter (`custom_category_name`)\nand provide a JSON array of URLs in the request body. All existing URLs will be removed\nand replaced with the provided list.\n\nPlease check the docs at https://inflight.dope.security for guidelines on URL formatting.\n\nIf any URL in the list is invalid, the entire request will be rejected.\nThe 400 error response will include the list of invalid URLs in the error details.\n","tags":["Custom Categories"],"parameters":[{"in":"path","name":"custom_category_name","required":true,"description":"The name of the custom category to overwrite URLs for","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"data":{"type":"object","properties":{"urls":{"type":"array","items":{"type":"string"}}}}}}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Delete All URLs from a Custom Category > Use this API to delete all URLs from an existing custom category.\ > \ > Specify the name of the custom category in the path parameter (\`custom\_category\_name\`).\ > \ > This action will remove all URLs associated with the specified custom category.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories/{custom_category_name}/urls":{"delete":{"summary":"Delete All URLs from a Custom Category","description":"Use this API to delete all URLs from an existing custom category.\n\nSpecify the name of the custom category in the path parameter (`custom_category_name`).\n\nThis action will remove all URLs associated with the specified custom category.\n","tags":["Custom Categories"],"parameters":[{"in":"path","name":"custom_category_name","description":"The name of the custom category to delete all URLs from","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## Delete a specific URL from a Custom Category > Use this API to delete a specific URL from an existing custom category.\ > \ > Specify the name of the custom category in the path parameter (\`custom\_category\_name\`).\ > \ > Ensure that a given URL is encoded using URL encoding.
```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"tags":[{"name":"Custom Categories","description":"Everything about your Custom Categories"}],"servers":[{"url":"https://api.flightdeck.dope.security/v1"}],"security":[{"BearerAuth":[]}],"components":{"securitySchemes":{"BearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}},"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]},"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}},"paths":{"/custom_categories/{custom_category_name}/url/{encoded_url}":{"delete":{"summary":"Delete a specific URL from a Custom Category","description":"Use this API to delete a specific URL from an existing custom category.\n\nSpecify the name of the custom category in the path parameter (`custom_category_name`).\n\nEnsure that a given URL is encoded using URL encoding.\n","tags":["Custom Categories"],"parameters":[{"in":"path","name":"custom_category_name","description":"The name of the custom category to delete given URL from","required":true,"schema":{"type":"string"}},{"in":"path","name":"encoded_url","description":"The URL to be deleted (Ensure that URLs are properly URL-encoded using\nthe UTF8 encoding method)\n","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SuccessMessage"}}}},"400":{"description":"Bad request","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"403":{"description":"Unauthorized access","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}},"500":{"description":"Internal server error.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Errors"}}}}}}}}} ``` ## The Policy object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"Policy":{"type":"object","description":"Summary of a policy","properties":{"policyName":{"type":"string","description":"Unique name of the policy within the tenant"},"updatedAt":{"type":"string","format":"date-time","description":"ISO-8601 timestamp of the last policy modification"},"sslInspection":{"type":"string","enum":["enabled","disabled"],"description":"Effective SSL inspection status for this policy.\nIf SSL inspection is not explicitly configured on this policy, the value is\ninherited from the Base Policy.\n"},"clashCount":{"type":"integer","description":"Number of users/groups who have this policy as a conflicting assignment. Not present for the Base Policy."}},"required":["policyName","updatedAt","sslInspection"]}}}} ``` ## The AssignedUser object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"AssignedUser":{"type":"object","description":"A user assigned to a policy","properties":{"email":{"type":"string","description":"Email address of the assigned user"},"name":{"type":"string","description":"Display name of the assigned user"}},"required":["email","name"]}}}} ``` ## The AssignedGroup object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"AssignedGroup":{"type":"object","description":"A group assigned to a policy","properties":{"email":{"type":"string","description":"Email address of the assigned group"},"name":{"type":"string","description":"Display name of the assigned group"},"membersCount":{"type":"integer","description":"Number of members in the group"}},"required":["email","name","membersCount"]}}}} ``` ## The CustomBypassItem object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CustomBypassItem":{"type":"object","description":"A custom application bypass entry defined by the admin","properties":{"name":{"type":"string","description":"The application name being bypassed"},"note":{"type":"string","maxLength":256,"description":"Note about this bypass entry"},"updatedBy":{"type":"string","description":"The user who last updated this entry"},"updatedAt":{"type":"string","format":"date-time","description":"ISO-8601 timestamp when this entry was last updated"}},"required":["name","note"]}}}} ``` ## The CustomBypassRequestItem object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CustomBypassRequestItem":{"type":"object","description":"A custom bypass entry for write operations.","properties":{"name":{"type":"string","maxLength":256,"description":"The name of the entity to bypass (application name or URL pattern)"},"note":{"type":"string","maxLength":256,"description":"Optional note about this bypass entry"}},"required":["name"]}}}} ``` ## The DefaultBypassItem object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"DefaultBypassItem":{"type":"object","description":"A read-only bypass entry pre-configured by Dope Security. Default entries cannot be\ncreated or deleted, but partners can set their state to ignored to prevent them from\nbeing enforced.\n","properties":{"name":{"type":"string","description":"The name of the default bypass entry (application name or URL pattern)"},"state":{"type":"string","enum":["applied","ignored"],"description":"Whether this default entry is applied or ignored for the policy"}},"required":["name","state"]}}}} ``` ## The BaseInheritance object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"BaseInheritance":{"type":"object","description":"Signals that settings are inherited from the base policy","properties":{"inheritsFromBase":{"type":"boolean","enum":[true],"description":"Always `true`. Signals that settings are inherited from the base policy."}},"required":["inheritsFromBase"]}}}} ``` ## The SslInspectionStateBody object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"SslInspectionStateBody":{"type":"object","description":"Set a custom SSL inspection state on a policy.","properties":{"state":{"type":"string","enum":["enabled","disabled"],"description":"The state of SSL inspection for this policy."}},"required":["state"]}}}} ``` ## The SslInspectionResponse object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"SslInspectionResponse":{"description":"SSL inspection configuration for a policy.","allOf":[{"$ref":"#/components/schemas/SslInspectionStateBody"},{"type":"object","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether SSL inspection is inherited from the Base Policy."}},"required":["inheritsFromBase"]}]},"SslInspectionStateBody":{"type":"object","description":"Set a custom SSL inspection state on a policy.","properties":{"state":{"type":"string","enum":["enabled","disabled"],"description":"The state of SSL inspection for this policy."}},"required":["state"]}}}} ``` ## The CategoryRestrictionUpdate object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CategoryRestrictionUpdate":{"type":"object","description":"Category restriction settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"Action applied when the category is matched"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]}}}} ``` ## The CustomCategoryRestrictionUpdate object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CustomCategoryRestrictionUpdate":{"type":"object","description":"Custom category restriction settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING","IGNORE"],"description":"Custom categories can be ignored, in addition to regular restrictions"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]}}}} ``` ## The CategoryException object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CategoryException":{"type":"object","description":"Per-entity override of a category restriction","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this entity"},"page":{"type":"string","description":"Optional block/warning page identifier"},"name":{"type":"string","description":"Human-readable entity name (returned on read APIs)"},"type":{"type":"string","enum":["users","groups"],"description":"Entity type (returned on read APIs)"}},"required":["restriction"]}}}} ``` ## The CategorySettings object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CategorySettings":{"type":"object","description":"Settings for a dope category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied when the category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"description":{"type":"string","description":"Category description"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]},"CategoryException":{"type":"object","description":"Per-entity override of a category restriction","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this entity"},"page":{"type":"string","description":"Optional block/warning page identifier"},"name":{"type":"string","description":"Human-readable entity name (returned on read APIs)"},"type":{"type":"string","enum":["users","groups"],"description":"Entity type (returned on read APIs)"}},"required":["restriction"]}}}} ``` ## The CustomCategorySettings object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CustomCategorySettings":{"type":"object","description":"Settings for a custom category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING","IGNORE"],"description":"The action applied when the custom category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]},"CategoryException":{"type":"object","description":"Per-entity override of a category restriction","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this entity"},"page":{"type":"string","description":"Optional block/warning page identifier"},"name":{"type":"string","description":"Human-readable entity name (returned on read APIs)"},"type":{"type":"string","enum":["users","groups"],"description":"Entity type (returned on read APIs)"}},"required":["restriction"]}}}} ``` ## The CategoryBlock object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CategoryBlock":{"type":"object","description":"Wrapper for category data with inheritance flag","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the categories are inherited from the base policy"},"restrictions":{"type":"object","description":"Category restrictions keyed by category name","additionalProperties":{"$ref":"#/components/schemas/CategorySettings"}}},"required":["inheritsFromBase","restrictions"]},"CategorySettings":{"type":"object","description":"Settings for a dope category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied when the category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"description":{"type":"string","description":"Category description"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]},"CategoryException":{"type":"object","description":"Per-entity override of a category restriction","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this entity"},"page":{"type":"string","description":"Optional block/warning page identifier"},"name":{"type":"string","description":"Human-readable entity name (returned on read APIs)"},"type":{"type":"string","enum":["users","groups"],"description":"Entity type (returned on read APIs)"}},"required":["restriction"]}}}} ``` ## The CustomCategoryBlock object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CustomCategoryBlock":{"type":"object","description":"Wrapper for custom category data with inheritance flag","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the custom categories are inherited from the base policy"},"restrictions":{"type":"object","description":"Custom category restrictions keyed by custom category name","additionalProperties":{"$ref":"#/components/schemas/CustomCategorySettings"}}},"required":["inheritsFromBase","restrictions"]},"CustomCategorySettings":{"type":"object","description":"Settings for a custom category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING","IGNORE"],"description":"The action applied when the custom category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]},"CategoryException":{"type":"object","description":"Per-entity override of a category restriction","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this entity"},"page":{"type":"string","description":"Optional block/warning page identifier"},"name":{"type":"string","description":"Human-readable entity name (returned on read APIs)"},"type":{"type":"string","enum":["users","groups"],"description":"Entity type (returned on read APIs)"}},"required":["restriction"]}}}} ``` ## The PolicyContentResponse object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"PolicyContentResponse":{"type":"object","properties":{"data":{"type":"object","properties":{"categories":{"$ref":"#/components/schemas/CategoryBlock"},"customCategories":{"$ref":"#/components/schemas/CustomCategoryBlock"}},"required":["categories","customCategories"]}},"required":["data"]},"CategoryBlock":{"type":"object","description":"Wrapper for category data with inheritance flag","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the categories are inherited from the base policy"},"restrictions":{"type":"object","description":"Category restrictions keyed by category name","additionalProperties":{"$ref":"#/components/schemas/CategorySettings"}}},"required":["inheritsFromBase","restrictions"]},"CategorySettings":{"type":"object","description":"Settings for a dope category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied when the category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"description":{"type":"string","description":"Category description"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]},"CategoryException":{"type":"object","description":"Per-entity override of a category restriction","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this entity"},"page":{"type":"string","description":"Optional block/warning page identifier"},"name":{"type":"string","description":"Human-readable entity name (returned on read APIs)"},"type":{"type":"string","enum":["users","groups"],"description":"Entity type (returned on read APIs)"}},"required":["restriction"]},"CustomCategoryBlock":{"type":"object","description":"Wrapper for custom category data with inheritance flag","properties":{"inheritsFromBase":{"type":"boolean","description":"Whether the custom categories are inherited from the base policy"},"restrictions":{"type":"object","description":"Custom category restrictions keyed by custom category name","additionalProperties":{"$ref":"#/components/schemas/CustomCategorySettings"}}},"required":["inheritsFromBase","restrictions"]},"CustomCategorySettings":{"type":"object","description":"Settings for a custom category","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING","IGNORE"],"description":"The action applied when the custom category is matched"},"page":{"type":"string","description":"Optional block/warning page identifier"},"exceptions":{"type":"object","description":"Per-entity overrides keyed by entity identifier","additionalProperties":{"$ref":"#/components/schemas/CategoryException"}}},"required":["restriction"]}}}} ``` ## The PolicyContentRestrictionsRequest object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"PolicyContentRestrictionsRequest":{"type":"object","description":"Request body for updating restrictions on dope and custom categories","properties":{"data":{"type":"object","properties":{"categories":{"oneOf":[{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CategoryRestrictionUpdate"}},{"$ref":"#/components/schemas/BaseInheritance"}],"description":"Restriction updates keyed by category name, or BaseInheritance to reset to base."},"customCategories":{"oneOf":[{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CustomCategoryRestrictionUpdate"}},{"$ref":"#/components/schemas/BaseInheritance"}],"description":"Restriction updates keyed by custom category name, or BaseInheritance to reset to base."}}}},"required":["data"]},"CategoryRestrictionUpdate":{"type":"object","description":"Category restriction settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"Action applied when the category is matched"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]},"BaseInheritance":{"type":"object","description":"Signals that settings are inherited from the base policy","properties":{"inheritsFromBase":{"type":"boolean","enum":[true],"description":"Always `true`. Signals that settings are inherited from the base policy."}},"required":["inheritsFromBase"]},"CustomCategoryRestrictionUpdate":{"type":"object","description":"Custom category restriction settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING","IGNORE"],"description":"Custom categories can be ignored, in addition to regular restrictions"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]}}}} ``` ## The CategoryExceptionUpdate object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"CategoryExceptionUpdate":{"type":"object","description":"Exception settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this user or group"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]}}}} ``` ## The PolicyContentExceptionsRequest object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"PolicyContentExceptionsRequest":{"type":"object","description":"Request body for updating user/group exceptions on categories","properties":{"data":{"type":"object","properties":{"categories":{"type":"object","description":"Exception updates keyed first by category name, then by user or group identifier.","additionalProperties":{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CategoryExceptionUpdate"}}},"customCategories":{"type":"object","description":"Exception updates keyed first by custom category name, then by user or group identifier.","additionalProperties":{"type":"object","additionalProperties":{"$ref":"#/components/schemas/CategoryExceptionUpdate"}}}}}},"required":["data"]},"CategoryExceptionUpdate":{"type":"object","description":"Exception settings used in write operations","properties":{"restriction":{"type":"string","enum":["ALLOW","BLOCK","WARNING"],"description":"The action applied for this user or group"},"page":{"type":"string","description":"Optional page identifier. Use with BLOCK and WARNING restrictions."}},"required":["restriction"]}}}} ``` ## The AdminSetState object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"AdminSetState":{"type":"object","properties":{"enabled":{"type":"boolean","description":"Indicates if endpoint is set to enabled or not by the admin"},"timestamp":{"type":"string","format":"date-time","description":"The timestamp when the admin last set the state of the endpoint"}}}}}} ``` ## The Endpoint object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"Endpoint":{"type":"object","properties":{"adminSetState":{"$ref":"#/components/schemas/AdminSetState"},"agentUUID":{"type":"string","format":"uuid","description":"the unique id of the endpoint"},"userUUID":{"type":"string","format":"uuid","description":"the unique id of the active user on the endpoint"},"agentVersion":{"type":"string","description":"the current version of the endpoint"},"binaryType":{"type":"string","description":"type of ISA for computer processors"},"cityName":{"type":"string","description":"the name of the city where the endpoint is located"},"region":{"type":"string","description":"the name of the region where the endpoint is located"},"countryName":{"type":"string","description":"the name of the country where the endpoint is located"},"cpuFamily":{"type":"string","description":"the type of CPU on the device hosting the endpoint"},"debugState":{"type":"string","description":"indicates the debug state of the endpoint. 0 means not in debug, 1 means set to debug, 2 means acknowledged receipt of debug request"},"deviceName":{"type":"string","description":"the name of the device hosting the endpoint"},"disableMode":{"type":"boolean","description":"indicates if the endpoint is disabled or not"},"errorMessage":{"type":"string","description":"additional details regarding an error"},"fallbackMode":{"type":"boolean","description":"indicates if the endpoint is in fallback mode"},"configurationLastUpdated":{"type":"string","format":"date-time","description":"the date and time when the endpoint last updated the configuration"},"osVersion":{"type":"string","description":"Operating System version of the device"},"policyName":{"type":"string","description":"name of the policy that is being used by the endpoint"},"realtimeConnection":{"type":"boolean","description":"indicates if the endpoint has an active web-socket connection"},"status":{"type":"string","description":"the current operational status of the endpoint"},"lastSeen":{"type":"string","format":"date-time","description":"the date and time when the endpoint was last seen"},"userId":{"type":"string","description":"the user id of the user that is using the endpoint. `userId` for OIDC users is usually their email address."},"emailId":{"type":"string","description":"the email of the user that is using the endpoint"}}},"AdminSetState":{"type":"object","properties":{"enabled":{"type":"boolean","description":"Indicates if endpoint is set to enabled or not by the admin"},"timestamp":{"type":"string","format":"date-time","description":"The timestamp when the admin last set the state of the endpoint"}}}}}} ``` ## The PaginationResponse object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"PaginationResponse":{"type":"object","description":"Information about current and next page for cursor based pagination","properties":{"endCursor":{"type":"string","description":"Opaque string representing a cursor to the last record returned in the response. Used for requesting the next page."},"hasNextPage":{"type":"boolean","description":"indicates if there is another page of data to fetch or not"}},"required":["endCursor","hasNextPage"]}}}} ``` ## The Errors object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"Errors":{"type":"object","description":"Error response containing a list of errors related to 400 and 500 http status","properties":{"errors":{"type":"array","minItems":1,"items":{"type":"object","properties":{"message":{"type":"string","description":"Error message"},"details":{"description":"Optional additional details regarding the error"}},"required":["message"]}}}}}}} ``` ## The OAuthError object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"OAuthError":{"type":"object","description":"The error response related OAuth tokens","properties":{"error":{"type":"string","description":"Specifies the OAuth error code string when the request for a token fails."}},"required":["error"]}}}} ``` ## The SuccessMessage object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"SuccessMessage":{"type":"object","description":"A simple message response indicating a successful operation","properties":{"message":{"type":"string","description":"Simple success message"}},"required":["message"]}}}} ``` ## The UrlBypassUpdateBody object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"UrlBypassUpdateBody":{"type":"object","description":"Payload for upserting URL bypass entries. At least one of `custom` or `default` must be provided. Unmentioned custom entries are preserved. Unknown default entry names are silently ignored.\n","properties":{"custom":{"type":"array","description":"Custom URL entries to upsert (matched by name).","items":{"$ref":"#/components/schemas/CustomBypassRequestItem"}},"default":{"type":"array","description":"Default URL entries with updated toggle states (matched by name).","items":{"$ref":"#/components/schemas/DefaultBypassItem"}}}},"CustomBypassRequestItem":{"type":"object","description":"A custom bypass entry for write operations.","properties":{"name":{"type":"string","maxLength":256,"description":"The name of the entity to bypass (application name or URL pattern)"},"note":{"type":"string","maxLength":256,"description":"Optional note about this bypass entry"}},"required":["name"]},"DefaultBypassItem":{"type":"object","description":"A read-only bypass entry pre-configured by Dope Security. Default entries cannot be\ncreated or deleted, but partners can set their state to ignored to prevent them from\nbeing enforced.\n","properties":{"name":{"type":"string","description":"The name of the default bypass entry (application name or URL pattern)"},"state":{"type":"string","enum":["applied","ignored"],"description":"Whether this default entry is applied or ignored for the policy"}},"required":["name","state"]}}}} ``` ## The ApplicationBypassUpdateBody object ```json {"openapi":"3.0.3","info":{"title":"Flightdeck - dope.security - Public API specification","version":"1.0.3"},"components":{"schemas":{"ApplicationBypassUpdateBody":{"type":"object","description":"Payload for upserting application bypass entries. At least one of `custom` or `default` must be provided. Under each, at least one of `mac` or `windows` must be provided. Unmentioned custom entries are preserved. Unknown default entry names are silently ignored.\n","properties":{"custom":{"type":"object","description":"Custom application entries to upsert (matched by name), keyed by platform.","properties":{"mac":{"type":"array","description":"Custom bypass apps on macOS.","items":{"$ref":"#/components/schemas/CustomBypassRequestItem"}},"windows":{"type":"array","description":"Custom bypass apps on Windows.","items":{"$ref":"#/components/schemas/CustomBypassRequestItem"}}}},"default":{"type":"object","description":"Default application entries with updated toggle states (matched by name), keyed by platform.","properties":{"mac":{"type":"array","description":"Default bypass apps on macOS.","items":{"$ref":"#/components/schemas/DefaultBypassItem"}},"windows":{"type":"array","description":"Default bypass apps on Windows.","items":{"$ref":"#/components/schemas/DefaultBypassItem"}}}}}},"CustomBypassRequestItem":{"type":"object","description":"A custom bypass entry for write operations.","properties":{"name":{"type":"string","maxLength":256,"description":"The name of the entity to bypass (application name or URL pattern)"},"note":{"type":"string","maxLength":256,"description":"Optional note about this bypass entry"}},"required":["name"]},"DefaultBypassItem":{"type":"object","description":"A read-only bypass entry pre-configured by Dope Security. Default entries cannot be\ncreated or deleted, but partners can set their state to ignored to prevent them from\nbeing enforced.\n","properties":{"name":{"type":"string","description":"The name of the default bypass entry (application name or URL pattern)"},"state":{"type":"string","enum":["applied","ignored"],"description":"Whether this default entry is applied or ignored for the policy"}},"required":["name","state"]}}}} ``` {% file src="/files/NrmEYK8EqWcYNM6CZklc" %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://inflight.dope.security/dope.apis/public-api-specification.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.