
Security Groups API

Creating a Security Group

POST /v2/security_groups/

Request

Route

POST /v2/security_groups

Body

Name Description Default Valid Values Example Values
name The name of the security group.
  • my_super_sec_group
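rules The egress rules for apps that belong to this security group. Each rule consists of: protocol (tcp, icmp, udp or all); destination (a CIDR block or an address range); ports (a port or port range; applies to tcp, udp and all); type and code (the ICMP control-signal type and code; icmp only); log (enables logging for the egress rule; only valid for tcp rules); and description (an optional description of the rule). The example values below also set log on a rule whose protocol is all, which does not match the tcp-only statement, so check which protocols accept log on your deployment before relying on it for egress logging. This field is limited to 16MB. []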
  • [
      {
        "protocol": "tcp",
        "destination": "10.10.10.0/24",
        "ports": "443,80,8080"
      },
      {
        "protocol": "icmp",
        "destination": "10.10.10.0/24",
        "type": 8,
        "code": 0,
        "description": "Allow ping requests to private services"
      },
      {
        "protocol": "udp",
        "destination": "10.68.192.11-10.68.192.12",
        "ports": "123",
        "description": "Allow syncing with time server"
      },
      {
        "protocol": "tcp",
        "destination": "10.68.192.13",
        "ports": "4000-5000",
        "description": "Allow tcp requests using our custom protocol",
        "log": true
      },
      {
        "protocol": "all",
        "destination": "192.168.10.2-192.168.10.5",
        "log": true
      }
    ]
space_guids The list of associated spaces. []
{
  "name": "my_super_sec_group",
  "rules": [
    {
      "protocol": "tcp",
      "destination": "10.10.10.0/24",
      "ports": "443,80,8080"
    },
    {
      "protocol": "icmp",
      "destination": "10.10.10.0/24",
      "type": 8,
      "code": 0,
      "description": "Allow ping requests to private services"
    },
    {
      "protocol": "udp",
      "destination": "10.68.192.11-10.68.192.12",
      "ports": "123",
      "description": "Allow syncing with time server"
    },
    {
      "protocol": "tcp",
      "destination": "10.68.192.13",
      "ports": "4000-5000",
      "description": "Allow tcp requests using our custom protocol",
      "log": true
    },
    {
      "protocol": "all",
      "destination": "192.168.10.2-192.168.10.5",
      "log": true
    }
  ]
}

Headers

Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTEyIiwiZW1haWwiOiJlbWFpbC0xMkBzb21lZG9tYWluLmNvbSIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iXSwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiXSwiZXhwIjoxNDY2MDA4ODgyfQ.uHks09UfsuMMvSHWeSpsZ02dO-5CNcsBm5S6hCx5mgM
Host: example.org
Content-Type: application/x-www-form-urlencoded
Cookie: 

cURL

# Create a security group: POSTs the JSON document passed with -d to
# /v2/security_groups.
# Replace the whole "[your-domain.com]" placeholder, brackets included, with
# your API domain; curl treats literal [ ] in a URL as a glob range.
# The bearer token is the sample value shown in the request Headers section.
# Its payload decodes to scope cloud_controller.admin with exp 1466008882
# (June 2016), so it is long expired; supply your own token, preferably from a
# variable or file rather than a literal, so it does not land in shell history.
# NOTE(review): the body is JSON but Content-Type is sent as
# application/x-www-form-urlencoded (also curl's default for -d); confirm
# whether application/json is intended.
# NOTE(review): "Host: example.org" overrides the Host header curl would derive
# from the URL, and "Cookie: " is empty; both look like artifacts of the
# captured example request. Presumably safe to drop; verify on your deployment.
curl "https://api.[your-domain.com]/v2/security_groups" -d '{
  "name": "my_super_sec_group",
  "rules": [
    {
      "protocol": "tcp",
      "destination": "10.10.10.0/24",
      "ports": "443,80,8080"
    },
    {
      "protocol": "icmp",
      "destination": "10.10.10.0/24",
      "type": 8,
      "code": 0,
      "description": "Allow ping requests to private services"
    },
    {
      "protocol": "udp",
      "destination": "10.68.192.11-10.68.192.12",
      "ports": "123",
      "description": "Allow syncing with time server"
    },
    {
      "protocol": "tcp",
      "destination": "10.68.192.13",
      "ports": "4000-5000",
      "description": "Allow tcp requests using our custom protocol",
      "log": true
    },
    {
      "protocol": "all",
      "destination": "192.168.10.2-192.168.10.5",
      "log": true
    }
  ]
}' -X POST \
	-H "Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTEyIiwiZW1haWwiOiJlbWFpbC0xMkBzb21lZG9tYWluLmNvbSIsInNjb3BlIjpbImNsb3VkX2NvbnRyb2xsZXIuYWRtaW4iXSwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiXSwiZXhwIjoxNDY2MDA4ODgyfQ.uHks09UfsuMMvSHWeSpsZ02dO-5CNcsBm5S6hCx5mgM" \
	-H "Host: example.org" \
	-H "Content-Type: application/x-www-form-urlencoded" \
	-H "Cookie: "

Response

Status

201 Created

Body

{
  "metadata": {
    "guid": "b4bdfa5a-83b0-423d-b979-4b51218d0ca8",
    "url": "/v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8",
    "created_at": "2016-06-08T16:41:22Z",
    "updated_at": "2016-06-08T16:41:26Z"
  },
  "entity": {
    "name": "my_super_sec_group",
    "rules": [
       {
	  "protocol": "tcp",
	  "destination": "10.10.10.0/24",
	  "ports": "443,80,8080"
       },
       {
	  "protocol": "icmp",
	  "destination": "10.10.10.0/24",
	  "type": 8,
	  "code": 0,
	  "description": "Allow ping requests to private services"
       },
       {
	  "protocol": "udp",
	  "destination": "10.68.192.11-10.68.192.12",
	  "ports": "123",
	  "description": "Allow syncing with time server"
       },
       {
	  "protocol": "tcp",
	  "destination": "10.68.192.13",
	  "ports": "4000-5000",
	  "description": "Allow tcp requests using our custom protocol",
	  "log": true
       },
       {
	  "protocol": "all",
	  "destination": "192.168.10.2-192.168.10.5",
	  "log": true
       }
    ],
    "running_default": false,
    "staging_default": false,
    "spaces_url": "/v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8/spaces",
    "staging_spaces_url": "/v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8/staging_spaces"
  }
}

Headers

Content-Type: application/json;charset=utf-8
Location: /v2/security_groups/b4bdfa5a-83b0-423d-b979-4b51218d0ca8
X-VCAP-Request-ID: b5065f03-851b-4f28-a220-0f3468e4443b
Content-Length: 939
X-Content-Type-Options: nosniff