management.yml

consumes:
- application/json
produces:
- application/json
schemes:
- https
swagger: "2.0"
info:
  description: OpenZiti Edge Management API
  title: Ziti Edge Management
  contact:
    name: OpenZiti
    url: https://openziti.discourse.group
    email: help@openziti.org
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  version: 0.26.36
host: demo.ziti.dev
basePath: /edge/management/v1
paths:
  /:
    get:
      security: []
      tags:
      - Informational
      summary: Returns version information
      operationId: listRoot
      responses:
        "200":
          description: Version information for the controller
          schema:
            $ref: '#/definitions/listVersionEnvelope'
  /.well-known/est/cacerts:
    get:
      security: []
      description: |
        This endpoint is used during enrollments to bootstrap trust between enrolling clients and the Ziti Edge API.
        This endpoint returns a base64 encoded PKCS7 store. The content can be base64 decoded and parsed by any library
        that supports parsing PKCS7 stores.
      produces:
      - application/pkcs7-mime
      tags:
      - Well Known
      summary: Get CA Cert Store
      operationId: listWellKnownCas
      responses:
        "200":
          description: A base64 encoded PKCS7 store
          schema:
            type: string
            example: |
              MIIMUQYJKoZIhvcNAQcCoIIMQjCCDD4CAQExADALBgkqhkiG9w0BBwGgggwkMIIG
              BjCCA+6gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZcxCzAJBgNVBAYTAlVTMRcw
              FQYDVQQIDA5Ob3J0aCBDYXJvbGluYTESMBAGA1UEBwwJQ2hhcmxvdHRlMRMwEQYD
              VQQKDApOZXRGb3VuZHJ5MSkwJwYDVQQLDCBOZXRGb3VuZHJ5IENlcnRpZmljYXRl
              IEF1dGhvcml0eTEbMBkGA1UEAwwSTmV0Rm91bmRyeSBSb290IENBMB4XDTE4MDUx
              ODE2NTcyM1oXDTI4MDUxNTE2NTcyM1owgYsxCzAJBgNVBAYTAlVTMRcwFQYDVQQI
              DA5Ob3J0aCBDYXJvbGluYTETMBEGA1UECgwKTmV0Rm91bmRyeTEpMCcGA1UECwwg
              TmV0Rm91bmRyeSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIzAhBgNVBAMMGk5ldEZv
              dW5kcnkgSW50ZXJtZWRpYXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
              CgKCAgEAsb1EPhMUweS9WpjT7L54xAOmZqugJ6fhSrFfLUwNUy172q+ASvZTpT1z
              KIPcZpGmPB3TX2bHaAR67BbRkUR11JgWE3U8+FsGrYmPZtaKM6fg8Mh0WZ41oMYQ
              NJyQixOktrgqfybyJoT5PeT5AA7QQmd8mku2X9nkAu6gWPf2nHNc7SeQdijmyQQa
              VK3oqyaxOzWzsU/XbfMEz/ObkefUxgt5Z6jlK0xcW0Q+QgtawMKLUiuo6obWRPcl
              7Hm9Sze8XJS5pbvS5JkUszxoRZuDVHZylrlHIpA/IL+BnvS+M7SP28UWe9skrv/s
              6ACpJtuPJ1EYf5fakugOpY7i+hq7YNi//csbc49Qjn2OtttrR7JcTaHUEU1I/tQb
              QGAtNkI4pJjRVUdDawQFQlWHZD1COixNLErs2HzAI00DhLrY6SKITI/kjN0Xx010
              XdMcdfay0PLWm6RwxiRmMQFL4GNIC895NF1q6xV4W4rWgqUNlcvKpy+i1chWpRbU
              He16ul0qh10fcESrRvAbXn5YrQJLrwbSr+85ubN8lYdNLE0qg2cIXZlUilarZZzW
              ghtCe+KkUpjfRuAi/CqfSwNK3QXEfeVEK6S49mHeSekOizFIw7fmDhCz9vXwMOnb
              ryRSLEJks0gIRcSDVChXheAqC98y4kcQdniNWFnqJXoqA+rrSokCAwEAAaNmMGQw
              HQYDVR0OBBYEFK8UXC/sq6dGVFAqEXHsQDzqzwuUMB8GA1UdIwQYMBaAFEHz6RRu
              OuXj2mwAzOeUinfWeivpMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD
              AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBDAAaOE2Nbb49eOjyTNxIeOB+ZKQjJ1hUE
              gRrootAA8NYbtKW/vyxTWnNi5XOGXd4DFS9OKZ0mL/7NyLc0mbTwPH2ZT8KTPUTS
              Cpo6yktZ/7TMjyAtWZiOMg2EH+6m/nlNSXk/v5fb8+JQLdZfpxoA017dHh3tc8l7
              KOskCZNwQHgF/YMXrPXUNbsGkXRuJLtpjPw5O9GvPys7p+a1aJH1WCTly9zfB6j+
              rMF+UGCPDT30sxitVlohik83j6pKLgEAP/gi8nJbILlTP7ce+gJeHR2tfDvmK91X
              6QgCF2STUFBU7/9H1/pPRRykOxQpAd8xqSgqGEyp9Ie4tysZjwoUEnG8IVJ5ykrI
              Fximvnb4B+LABV9WEo08n8m1R8wEryrISi8fBPn3Pr5nuayOfFLa15CLTkZF40FN
              8ika1qNZy8bWRDwTZJQUUb7VCheRWcMwdZdNmhl3J+VZLpQ+ruW7b2ajwacHz5Nw
              BHKNcmxXb/4vHq/BnlcayHnSqT6036+OZQ+owDegcYmWV6LaM7xLErjHz2EE38M2
              YSiW5SU1zluDe+iHb6l3Gd3Fj/X1gkMWFgYh0XPMSUSyimLNYzy4THKzmWlcQNFo
              LLiIDbLrMt+vk+vBkIsNTTPXRJOFPBhmIF6uIUj+2YhzNotX/pQtqMKms3pPlmHq
              dH6biwygETCCBhYwggP+oAMCAQICCQDquKpymLJ5WzANBgkqhkiG9w0BAQsFADCB
              lzELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRIwEAYDVQQH
              DAlDaGFybG90dGUxEzARBgNVBAoMCk5ldEZvdW5kcnkxKTAnBgNVBAsMIE5ldEZv
              dW5kcnkgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDDBJOZXRGb3VuZHJ5
              IFJvb3QgQ0EwHhcNMTgwNTE4MTY1NDQ3WhcNMzgwNTEzMTY1NDQ3WjCBlzELMAkG
              A1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRIwEAYDVQQHDAlDaGFy
              bG90dGUxEzARBgNVBAoMCk5ldEZvdW5kcnkxKTAnBgNVBAsMIE5ldEZvdW5kcnkg
              Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRswGQYDVQQDDBJOZXRGb3VuZHJ5IFJvb3Qg
              Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKq/Xa+749Cr3WJGYD
              DIEtNKIRnTFc6TeiRSm/O7hG2+1Nrh/dObjZJuDjsopWP8NFA/DwlNyEphYKAeSw
              HDmu+4nFd6ifoeDE2lYq6bNhLcgN+A3MlN5Phb2rnO32YYZwHXGWov+jtd2gaK0f
              WsH8CQxn6n2v7qvPMTeYFP8p4jqTZw2bvZWw+LMYTFCy541DFqQLQasMg10mXRAV
              XO7Oa9y+D1re1zLq4wS6u8ItJoKzfmvZkMvD90C/tQ4u0iJaL7GB2SE9MOPDeGVv
              pnoSAIkSVmvRDUAj2x9PuukykzoL1OAWzc5Cg+5LxRmLejVE7PvPcHaTtNag2tRD
              w2vbMeFKN8NvQH1QYcaPWZe4Vl9b6DAuTaH5RN919H/F+ZHyjZybVPwC14lflneI
              KyNy8JEV/YMIbEADWnuiedzDehk2Opn+0+9Zr2X/xfjCo8iWHFbNaVnQX7wdRaOo
              783lEouncqe46FDBLBpyAuDKHQpIT3MK8rkC/1yBNxsH44vMweUZuK0u7PC9KHtm
              pQfuflYGfxA34kY6WU3jzyQHetoLYjoxTqNEEjuGpwy2o1j7RaCBEFIbYlnlbhpE
              WFTaQf96z2GQ6m1U3y7JyDflHSu9Fo1JNkG3qXsjDwda/6W7NRJRgdFrhnOwrm7F
              6L9X4P1HnzU/VJL66LwPmiHVjQIDAQABo2MwYTAdBgNVHQ4EFgQUQfPpFG465ePa
              bADM55SKd9Z6K+kwHwYDVR0jBBgwFoAUQfPpFG465ePabADM55SKd9Z6K+kwDwYD
              VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIB
              ACfU74aKWROaxnue8tZb5PFkEbnDRcRrKXRhnptA0vrgB4ydnYxX9hEBZD8o6PBy
              3rewvl5meSOBE6zyb4JD80lHdzHSVFIwbzsNOeEjCslv/PA/3Y+J7DCt6gPNMDeY
              uEssdqeSiMoYz2gnven4flSMKgTAJd3/SpVrn35HzXiU9MkmFVpPEMnTctOjw+Jn
              cCkG5+D9N14dxtgZ/tUfbH+GUfhyGVxRdPrX5KQqAyapMfEaMXXa8KNs7PG+sDiS
              WI+Sg9jUGtxgkfKdVNtFW+QMXyy7eT3iXPA+1r2hFAhgfIaGtBJUhxPHMhKtjbAg
              AX+6+2D3GAbaD1+lcQHhKry3hygQ3OX79FJW6zyPS0tiV/LfovHqX/3x9q5PTVBO
              wEOS2/LCc4R2M7S+HIPf4eSJ+nH4uCIdJ42WCror/mRsuL7geCksi70GHuCynP4y
              qQFszu/UtbBEsN8loTnLpOInxaGB1Y8UPm14b2Lo1/3HkoMVh0/UaHJ0TmnZ1r7m
              fGhfRyAZYRdvT1sB+Eb4b5A2zEZqsTc9IwFOhnI4ZilPoZ5s2xejqrVw3GSvovEh
              dprrQmvxuh+VQ23y/+/4z9b2xWyDu2zVveB4whqPe2rkgxJrEl4GfLk2DW+dN6j8
              3Zl4lPoUZYwzkC6raCaHyFlAoaTbqz0H6rvVJYxJPS6UoQAxAA==
  /api-sessions:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Returns a list of active API sessions. The resources can be sorted, filtered, and paginated. This endpoint
        requires admin access.
      produces:
      - application/json; charset=utf-8
      tags:
      - API Session
      summary: List active API sessions
      operationId: listAPISessions
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of active API Sessions
          schema:
            $ref: '#/definitions/listApiSessionsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /api-sessions/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single API Session by id. Requires admin access.
      tags:
      - API Session
      summary: Retrieves a single API Session
      operationId: detailAPISessions
      responses:
        "200":
          description: Retrieves a singular API Session by id
          schema:
            $ref: '#/definitions/detailApiSessionEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      description: Deletes and API sesion by id. Requires admin access.
      tags:
      - API Session
      summary: Deletes an API Sessions
      operationId: deleteAPISessions
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "403":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /auth-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of Auth Policies
      tags:
      - Auth Policy
      summary: List Auth Policies
      operationId: listAuthPolicies
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of Auth Policies
          schema:
            $ref: '#/definitions/listAuthPoliciesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Creates an Auth Policy. Requires admin access.
      tags:
      - Auth Policy
      summary: Creates an Auth Policy
      operationId: createAuthPolicy
      parameters:
      - description: An Auth Policy to create
        name: authPolicy
        in: body
        required: true
        schema:
          $ref: '#/definitions/authPolicyCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /auth-policies/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single Auth Policy by id. Requires admin access.
      tags:
      - Auth Policy
      summary: Retrieves a single Auth Policy
      operationId: detailAuthPolicy
      responses:
        "200":
          description: A singular Auth Policy resource
          schema:
            $ref: '#/definitions/detailAuthPolicyEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on an Auth Policy by id. Requires admin access.
      tags:
      - Auth Policy
      summary: Update all fields on an Auth Policy
      operationId: updateAuthPolicy
      parameters:
      - description: An Auth Policy update object
        name: authPolicy
        in: body
        required: true
        schema:
          $ref: '#/definitions/authPolicyUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Delete an Auth Policy by id. Requires admin access.
      tags:
      - Auth Policy
      summary: Delete an Auth Policy
      operationId: deleteAuthPolicy
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update only the supplied fields on an Auth Policy by id. Requires
        admin access.
      tags:
      - Auth Policy
      summary: Update the supplied fields on an Auth Policy
      operationId: patchAuthPolicy
      parameters:
      - description: An Auth Policy patch object
        name: authPolicy
        in: body
        required: true
        schema:
          $ref: '#/definitions/authPolicyPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /authenticate:
    post:
      security: []
      description: |
        Allowed authentication methods include "password", "cert", and "ext-jwt"
      tags:
      - Authentication
      summary: Authenticate via a method supplied via a query string parameter
      operationId: authenticate
      parameters:
      - name: auth
        in: body
        schema:
          $ref: '#/definitions/authenticate'
      responses:
        "200":
          description: The API session associated with the session used to issue the
            request
          schema:
            $ref: '#/definitions/currentApiSessionDetailEnvelope'
          examples:
            default:
              data:
                _links:
                  self:
                    href: ./current-api-session
                configTypes: []
                createdAt: "2020-03-09T19:03:49.1883693Z"
                expiresAt: "2020-03-09T19:34:21.5600897Z"
                id: 27343114-b44f-406e-9981-f3c4f2f28d54
                identity:
                  _links:
                    self:
                      href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d
                  id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d
                  name: Default Admin
                  urlName: identities
                tags:
                - userField1: 123
                - userField2: asdf
                token: 28bb0ed2-0577-4632-ae70-d17106b92871
                updatedAt: "2020-03-09T19:04:21.5600897Z"
              meta: {}
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The authentication request could not be processed as the credentials
            are invalid
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: INVALID_AUTH
                message: The authentication request failed
                requestId: 5952ed10-3091-474f-a691-47ebab6990dc
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    parameters:
    - enum:
      - password
      - cert
      - ext-jwt
      type: string
      name: method
      in: query
      required: true
  /authenticate/mfa:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Completes MFA authentication by submitting a MFA time based one
        time token or backup code.
      tags:
      - Authentication
      - MFA
      summary: Complete MFA authentication
      operationId: authenticateMfa
      parameters:
      - description: An MFA validation request
        name: mfaAuth
        in: body
        required: true
        schema:
          $ref: '#/definitions/mfaCode'
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /authenticators:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Returns a list of authenticators associated to identities. The resources can be sorted, filtered, and paginated.
        This endpoint requires admin access.
      tags:
      - Authenticator
      summary: List authenticators
      operationId: listAuthenticators
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of authenticators
          schema:
            $ref: '#/definitions/listAuthenticatorsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Creates an authenticator for a specific identity. Requires admin access.
      tags:
      - Authenticator
      summary: Creates an authenticator
      operationId: createAuthenticator
      parameters:
      - description: A Authenticator create object
        name: authenticator
        in: body
        required: true
        schema:
          $ref: '#/definitions/authenticatorCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /authenticators/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single authenticator by id. Requires admin access.
      tags:
      - Authenticator
      summary: Retrieves a single authenticator
      operationId: detailAuthenticator
      responses:
        "200":
          description: A singular authenticator resource
          schema:
            $ref: '#/definitions/detailAuthenticatorEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on an authenticator by id. Requires admin access.
      tags:
      - Authenticator
      summary: Update all fields on an authenticator
      operationId: updateAuthenticator
      parameters:
      - description: An authenticator put object
        name: authenticator
        in: body
        required: true
        schema:
          $ref: '#/definitions/authenticatorUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Delete an authenticator by id. Deleting all authenticators for an identity will make it impossible to log in.
        Requires admin access.
      tags:
      - Authenticator
      summary: Delete an Authenticator
      operationId: deleteAuthenticator
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on an authenticator by id. Requires
        admin access.
      tags:
      - Authenticator
      summary: Update the supplied fields on an authenticator
      operationId: patchAuthenticator
      parameters:
      - description: An authenticator patch object
        name: authenticator
        in: body
        required: true
        schema:
          $ref: '#/definitions/authenticatorPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /authenticators/{id}/re-enroll:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: "Allows an authenticator to be reverted to an enrollment and allows
        re-enrollment to occur. On success the \ncreated enrollment record response
        is provided and the source authenticator record will be deleted. The \nenrollment
        created depends on the authenticator. UPDB authenticators result in UPDB enrollments,
        CERT\nauthenticators result in OTT enrollments, CERT + CA authenticators result
        in OTTCA enrollments.\n"
      tags:
      - Authenticator
      summary: Reverts an authenticator to an enrollment
      operationId: reEnrollAuthenticator
      parameters:
      - description: A reEnrollment request
        name: reEnroll
        in: body
        required: true
        schema:
          $ref: '#/definitions/reEnroll'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /cas:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of CA resources; supports filtering, sorting,
        and pagination. Requires admin access.
      tags:
      - Certificate Authority
      summary: List CAs
      operationId: listCas
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of Certificate Authorities (CAs)
          schema:
            $ref: '#/definitions/listCasEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Creates a CA in an unverified state. Requires admin access.
      tags:
      - Certificate Authority
      summary: Creates a CA
      operationId: createCa
      parameters:
      - description: A CA to create
        name: ca
        in: body
        required: true
        schema:
          $ref: '#/definitions/caCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /cas/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single CA by id. Requires admin access.
      tags:
      - Certificate Authority
      summary: Retrieves a single CA
      operationId: detailCa
      responses:
        "200":
          description: A singular Certificate Authority (CA) resource
          schema:
            $ref: '#/definitions/detailCaEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a CA by id. Requires admin access.
      tags:
      - Certificate Authority
      summary: Update all fields on a CA
      operationId: updateCa
      parameters:
      - description: A CA update object
        name: ca
        in: body
        required: true
        schema:
          $ref: '#/definitions/caUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Delete a CA by id. Deleting a CA will delete its associated certificate authenticators. This can make it
        impossible for identities to authenticate if they no longer have any valid authenticators. Requires admin access.
      tags:
      - Certificate Authority
      summary: Delete a CA
      operationId: deleteCa
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update only the supplied fields on a CA by id. Requires admin access.
      tags:
      - Certificate Authority
      summary: Update the supplied fields on a CA
      operationId: patchCa
      parameters:
      - description: A CA patch object
        name: ca
        in: body
        required: true
        schema:
          $ref: '#/definitions/caPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /cas/{id}/jwt:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        For CA auto enrollment, the enrollment JWT is static and provided on each CA resource. This endpoint provides
        the jwt as a text response.
      produces:
      - application/jwt
      tags:
      - Certificate Authority
      summary: Retrieve the enrollment JWT for a CA
      operationId: getCaJwt
      responses:
        "200":
          description: The result is the JWT text to validate the CA
          schema:
            type: string
          examples:
            application/jwt: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6ImNhIiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6MTI
              4MC8ifQ.Ot6lhNBSOw8ygHytdI5l7WDf9EWadOj44UPvJ0c-8mJ54fClWM3uMZrAHSSfV6KmOSZOeBBJe4VlNyoD-_MOECP0BzYSnSQP3E
              zJb0VlM-fFmGcKNGW157icyZNISfO43JL_Lw2QPBzTgikqSIj9eZnocC3BeAmZCHsVznnLfHWqDldcmuxnu-5MNOSrWV1x9iVcgLFlLHXK
              2PLA4qIiZmlQTrQjpHJmUaoJ07mnj8hMKzxB3wBG8kpazjEo7HDRCO06aBH4eqFgf_l0iT8Dzcb31jquWMGUoSXPhf4lVJh_FiNcR1wVx-
              UiHLbG5h23Aqf1UJF-F38rc1FElKz0Zg
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /cas/{id}/verify:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Allows a CA to become verified by submitting a certificate in PEM format that has been signed by the target CA.
        The common name on the certificate must match the verificationToken property of the CA. Unverfieid CAs can not
        be used for enrollment/authentication. Requires admin access.
      consumes:
      - text/plain
      tags:
      - Certificate Authority
      summary: Verify a CA
      operationId: verifyCa
      parameters:
      - description: A PEM formatted certificate signed by the target CA with the
          common name matching the CA's validationToken
        name: certificate
        in: body
        required: true
        schema:
          type: string
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /config-types:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of config-type resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Config
      summary: List config-types
      operationId: listConfigTypes
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of config-types
          schema:
            $ref: '#/definitions/listConfigTypesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      tags:
      - Config
      summary: Create a config-type. Requires admin access.
      operationId: createConfigType
      parameters:
      - description: A config-type to create
        name: configType
        in: body
        required: true
        schema:
          $ref: '#/definitions/configTypeCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /config-types/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single config-type by id. Requires admin access.
      tags:
      - Config
      summary: Retrieves a single config-type
      operationId: detailConfigType
      responses:
        "200":
          description: A singular config-type resource
          schema:
            $ref: '#/definitions/detailConfigTypeEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a config-type by id. Requires admin access.
      tags:
      - Config
      summary: Update all fields on a config-type
      operationId: updateConfigType
      parameters:
      - description: A config-type update object
        name: configType
        in: body
        required: true
        schema:
          $ref: '#/definitions/configTypeUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a config-type by id. Removing a configuration type that
        are in use will result in a 409 conflict HTTP status code and error. All configurations
        of a type must be removed first.
      tags:
      - Config
      summary: Delete a config-type
      operationId: deleteConfigType
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a config-type. Requires admin access.
      tags:
      - Config
      summary: Update the supplied fields on a config-type
      operationId: patchConfigType
      parameters:
      - description: A config-type patch object
        name: configType
        in: body
        required: true
        schema:
          $ref: '#/definitions/configTypePatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /config-types/{id}/configs:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Lists the configs associated to a config-type. Requires admin access.
      tags:
      - Config
      summary: Lists the configs of a specific config-type
      operationId: listConfigsForConfigType
      responses:
        "200":
          description: A list of configs
          schema:
            $ref: '#/definitions/listConfigsEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /configs:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Config
      summary: List configs
      operationId: listConfigs
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of configs
          schema:
            $ref: '#/definitions/listConfigsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a config resource. Requires admin access.
      tags:
      - Config
      summary: Create a config resource
      operationId: createConfig
      parameters:
      - description: A config to create
        name: config
        in: body
        required: true
        schema:
          $ref: '#/definitions/configCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /configs/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single config by id. Requires admin access.
      tags:
      - Config
      summary: Retrieves a single config
      operationId: detailConfig
      responses:
        "200":
          description: A singular config resource
          schema:
            $ref: '#/definitions/detailConfigEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a config by id. Requires admin access.
      tags:
      - Config
      summary: Update all fields on a config
      operationId: updateConfig
      parameters:
      - description: A config update object
        name: config
        in: body
        required: true
        schema:
          $ref: '#/definitions/configUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a config by id. Requires admin access.
      tags:
      - Config
      summary: Delete a config
      operationId: deleteConfig
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a config. Requires admin access.
      tags:
      - Config
      summary: Update the supplied fields on a config
      operationId: patchConfig
      parameters:
      - description: A config patch object
        name: config
        in: body
        required: true
        schema:
          $ref: '#/definitions/configPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /configs/{id}/services:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of service resources that reference a given config; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Config
      summary: List services referenced by a config
      operationId: listConfigServices
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of services
          schema:
            $ref: '#/definitions/listServicesEnvelope'
        "400":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /controllers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of controllers
      tags:
      - Controllers
      summary: List controllers
      operationId: listControllers
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of controllers
          schema:
            $ref: '#/definitions/listControllersEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /current-api-session:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves the API session that was used to issue the current request
      tags:
      - Current API Session
      summary: Return the current API session
      operationId: getCurrentAPISession
      responses:
        "200":
          description: The API session associated with the session used to issue the
            request
          schema:
            $ref: '#/definitions/currentApiSessionDetailEnvelope'
          examples:
            default:
              data:
                _links:
                  self:
                    href: ./current-api-session
                configTypes: []
                createdAt: "2020-03-09T19:03:49.1883693Z"
                expiresAt: "2020-03-09T19:34:21.5600897Z"
                id: 27343114-b44f-406e-9981-f3c4f2f28d54
                identity:
                  _links:
                    self:
                      href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d
                  id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d
                  name: Default Admin
                  urlName: identities
                tags:
                - userField1: 123
                - userField2: asdf
                token: 28bb0ed2-0577-4632-ae70-d17106b92871
                updatedAt: "2020-03-09T19:04:21.5600897Z"
              meta: {}
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Terminates the current API session
      tags:
      - Current API Session
      summary: Logout
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /current-identity:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Returns the identity associated with the API sessions used to issue
        the current request
      tags:
      - Current Identity
      summary: Return the current identity
      operationId: getCurrentIdentity
      responses:
        "200":
          description: The identity associated with the API Session used to issue
            the request
          schema:
            $ref: '#/definitions/currentIdentityDetailEnvelope'
          examples:
            default:
              data:
                _links:
                  edge-router-policies:
                    href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d/edge-routers
                  self:
                    href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d
                  service-policies:
                    href: ./identities/66352d7b-a6b2-4ce9-85bb-9f18e318704d/identities
                authenticators:
                  updb:
                    username: admin
                createdAt: "2020-01-13T16:38:13.6854788Z"
                enrollment: {}
                id: 66352d7b-a6b2-4ce9-85bb-9f18e318704d
                isAdmin: true
                isDefaultAdmin: true
                name: Default Admin
                roleAttributes: []
                tags: {}
                type:
                  _links:
                    self:
                      href: ./identity-types/User
                  id: User
                  name: User
                  urlName: identity-types
                updatedAt: "2020-01-13T16:38:13.6854788Z"
              meta: {}
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /current-identity/authenticators:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of authenticators assigned to the current API
        session's identity; supports filtering, sorting, and pagination.
      tags:
      - Current API Session
      summary: List authenticators for the current identity
      operationId: listCurrentIdentityAuthenticators
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of authenticators
          schema:
            $ref: '#/definitions/listAuthenticatorsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /current-identity/authenticators/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single authenticator by id. Will only show authenticators
        assigned to the API session's identity.
      tags:
      - Current API Session
      summary: Retrieve an authenticator for the current identity
      operationId: detailCurrentIdentityAuthenticator
      responses:
        "200":
          description: A singular authenticator resource
          schema:
            $ref: '#/definitions/detailAuthenticatorEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Update all fields on an authenticator by id.  Will only update authenticators assigned to the API session's
        identity.
      tags:
      - Current API Session
      summary: Update all fields on an authenticator of this identity
      operationId: updateCurrentIdentityAuthenticator
      parameters:
      - description: An authenticator put object
        name: authenticator
        in: body
        required: true
        schema:
          $ref: '#/definitions/authenticatorUpdateWithCurrent'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Update the supplied fields on an authenticator by id. Will only update authenticators assigned to the API
        session's identity.
      tags:
      - Current API Session
      summary: Update the supplied fields on an authenticator of this identity
      operationId: patchCurrentIdentityAuthenticator
      parameters:
      - description: An authenticator patch object
        name: authenticator
        in: body
        required: true
        schema:
          $ref: '#/definitions/authenticatorPatchWithCurrent'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /current-identity/authenticators/{id}/extend:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |-
        This endpoint only functions for certificates issued by the controller. 3rd party certificates are not handled.
        Allows an identity to extend its certificate's expiration date by using its current and valid client certificate to submit a CSR. This CSR may be passed in using a new private key, thus allowing private key rotation.
        The response from this endpoint is a new client certificate which the client must  be verified via the /authenticators/{id}/extend-verify endpoint.
        After verification is completion any new connections must be made with new certificate. Prior to verification the old client certificate remains active.
      tags:
      - Current API Session
      - Enroll
      - Extend Enrollment
      summary: Allows the current identity to recieve a new certificate associated
        with a certificate based authenticator
      operationId: extendCurrentIdentityAuthenticator
      parameters:
      - name: extend
        in: body
        required: true
        schema:
          $ref: '#/definitions/identityExtendEnrollmentRequest'
      responses:
        "200":
          description: A response containg the identity's new certificate
          schema:
            $ref: '#/definitions/identityExtendEnrollmentEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /current-identity/authenticators/{id}/extend-verify:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |-
        After submitting a CSR for a new client certificate the resulting public certificate must be re-submitted to this endpoint to verify receipt.
        After receipt, the new client certificate must be used for new authentication requests.
      tags:
      - Current API Session
      - Enroll
      - Extend Enrollment
      summary: Allows the current identity to validate reciept of a new client certificate
      operationId: extendVerifyCurrentIdentityAuthenticator
      parameters:
      - name: extend
        in: body
        required: true
        schema:
          $ref: '#/definitions/identityExtendValidateEnrollmentRequest'
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /current-identity/mfa:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Returns details about the current MFA enrollment. If enrollment has not been completed it will return the current MFA configuration details necessary to complete a `POST /current-identity/mfa/verify`.
      tags:
      - Current Identity
      - MFA
      summary: Returns the current status of MFA enrollment
      operationId: detailMfa
      responses:
        "200":
          description: The details of an MFA enrollment
          schema:
            $ref: '#/definitions/detailMfaEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Allows authenticator based MFA enrollment. If enrollment has already been completed, it must be disabled before attempting to re-enroll. Subsequent enrollment request is completed via `POST /current-identity/mfa/verify`
      tags:
      - Current Identity
      - MFA
      summary: Initiate MFA enrollment
      operationId: enrollMfa
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The identity is already enrolled in MFA
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args: null
                cause: null
                causeMessage: ""
                code: ALREADY_MFA_ENROLLED
                message: The identity is already enrolled in MFA
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Disable MFA for the current identity. Requires a current valid time based one time password if MFA enrollment has been completed. If not, code should be an empty string. If one time passwords are not available and admin account can be used to remove MFA from the identity via `DELETE /identities/<id>/mfa`.
      tags:
      - Current Identity
      - MFA
      summary: Disable MFA for the current identity
      operationId: deleteMfa
      parameters:
      - type: string
        name: mfa-validation-code
        in: header
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /current-identity/mfa/qr-code:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Shows an QR code image for unverified MFA enrollments. 404s if the MFA enrollment has been completed or not started.
      produces:
      - image/png
      - application/json
      tags:
      - Current Identity
      - MFA
      summary: Show a QR code for unverified MFA enrollments
      operationId: detailMfaQrCode
      responses:
        "200":
          description: OK
        "404":
          description: No MFA enrollment or MFA enrollment is completed
  /current-identity/mfa/recovery-codes:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Allows the viewing of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment.
      tags:
      - Current Identity
      - MFA
      summary: For a completed MFA enrollment view the current recovery codes
      operationId: detailMfaRecoveryCodes
      parameters:
      - description: An MFA validation request
        name: mfaValidation
        in: body
        schema:
          $ref: '#/definitions/mfaCode'
      - type: string
        name: mfa-validation-code
        in: header
      responses:
        "200":
          description: The recovery codes of an MFA enrollment
          schema:
            $ref: '#/definitions/detailMfaRecoveryCodesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Allows regeneration of recovery codes of an MFA enrollment. Requires a current valid time based one time password to interact with. Available after a completed MFA enrollment. This replaces all existing recovery codes.
      tags:
      - Current Identity
      - MFA
      summary: For a completed MFA enrollment regenerate the recovery codes
      operationId: createMfaRecoveryCodes
      parameters:
      - description: An MFA validation request
        name: mfaValidation
        in: body
        required: true
        schema:
          $ref: '#/definitions/mfaCode'
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /current-identity/mfa/verify:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Completes MFA enrollment by accepting a time based one time password as verification. Called after MFA enrollment has been initiated via `POST /current-identity/mfa`.
      tags:
      - Current Identity
      - MFA
      summary: Complete MFA enrollment by verifying a time based one time token
      operationId: verifyMfa
      parameters:
      - description: An MFA validation request
        name: mfaValidation
        in: body
        required: true
        schema:
          $ref: '#/definitions/mfaCode'
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /database/check-data-integrity:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Starts a data integrity scan on the datastore. Requires admin access.
        Only once instance may run at a time, including runs of fixDataIntegrity.
      tags:
      - Database
      summary: Starts a data integrity scan on the datastore
      operationId: checkDataIntegrity
      responses:
        "202":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /database/data-integrity-results:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Returns any results found from in-progress integrity checks. Requires
        admin access.
      tags:
      - Database
      summary: Returns any results found from in-progress integrity checks
      operationId: dataIntegrityResults
      responses:
        "200":
          description: A list of data integrity issues found
          schema:
            $ref: '#/definitions/dataIntegrityCheckResultEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /database/fix-data-integrity:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Runs a data integrity scan on the datastore, attempts to fix any
        issues it can, and returns any found issues. Requires admin access. Only once
        instance may run at a time, including runs of checkDataIntegrity.
      tags:
      - Database
      summary: Runs a data integrity scan on the datastore, attempts to fix any issues
        it can and returns any found issues
      operationId: fixDataIntegrity
      responses:
        "202":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /database/snapshot:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a new database snapshot. Requires admin access.
      tags:
      - Database
      summary: Create a new database snapshot
      operationId: createDatabaseSnapshot
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /edge-router-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of edge router policy resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Edge Router Policy
      summary: List edge router policies
      operationId: listEdgeRouterPolicies
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of edge router policies
          schema:
            $ref: '#/definitions/listEdgeRouterPoliciesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create an edge router policy resource. Requires admin access.
      tags:
      - Edge Router Policy
      summary: Create an edge router policy resource
      operationId: createEdgeRouterPolicy
      parameters:
      - description: An edge router policy to create
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/edgeRouterPolicyCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /edge-router-policies/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single edge router policy by id. Requires admin access.
      tags:
      - Edge Router Policy
      summary: Retrieves a single edge router policy
      operationId: detailEdgeRouterPolicy
      responses:
        "200":
          description: A single edge router policy
          schema:
            $ref: '#/definitions/detailEdgeRouterPolicyEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on an edge router policy by id. Requires admin
        access.
      tags:
      - Edge Router Policy
      summary: Update all fields on an edge router policy
      operationId: updateEdgeRouterPolicy
      parameters:
      - description: An edge router policy update object
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/edgeRouterPolicyUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete an edge router policy by id. Requires admin access.
      tags:
      - Edge Router Policy
      summary: Delete an edge router policy
      operationId: deleteEdgeRouterPolicy
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on an edge router policy. Requires admin
        access.
      tags:
      - Edge Router Policy
      summary: Update the supplied fields on an edge router policy
      operationId: patchEdgeRouterPolicy
      parameters:
      - description: An edge router policy patch object
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/edgeRouterPolicyPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-router-policies/{id}/edge-routers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of edge routers an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Edge Router Policy
      summary: List edge routers a policy affects
      operationId: listEdgeRouterPolicyEdgeRouters
      responses:
        "200":
          description: A list of edge routers
          schema:
            $ref: '#/definitions/listEdgeRoutersEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-router-policies/{id}/identities:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of identities an edge router policy resources affects; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Edge Router Policy
      summary: List identities an edge router policy affects
      operationId: listEdgeRouterPolicyIdentities
      responses:
        "200":
          description: A list of identities
          schema:
            $ref: '#/definitions/listIdentitiesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-router-role-attributes:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of role attributes in use by edge routers; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Role Attributes
      summary: List role attributes in use by edge routers
      operationId: listEdgeRouterRoleAttributes
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of role attributes
          schema:
            $ref: '#/definitions/listRoleAttributesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /edge-routers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of edge router resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Edge Router
      summary: List edge routers
      operationId: listEdgeRouters
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      - type: array
        items:
          type: string
        collectionFormat: multi
        name: roleFilter
        in: query
      - type: string
        name: roleSemantic
        in: query
      responses:
        "200":
          description: A list of edge routers
          schema:
            $ref: '#/definitions/listEdgeRoutersEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a edge router resource. Requires admin access.
      tags:
      - Edge Router
      summary: Create an edge router
      operationId: createEdgeRouter
      parameters:
      - description: A edge router to create
        name: edgeRouter
        in: body
        required: true
        schema:
          $ref: '#/definitions/edgeRouterCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /edge-routers/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single edge router by id. Requires admin access.
      tags:
      - Edge Router
      summary: Retrieves a single edge router
      operationId: detailEdgeRouter
      responses:
        "200":
          description: A singular edge router resource
          schema:
            $ref: '#/definitions/detailedEdgeRouterEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on an edge router by id. Requires admin access.
      tags:
      - Edge Router
      summary: Update all fields on an edge router
      operationId: updateEdgeRouter
      parameters:
      - description: An edge router update object
        name: edgeRouter
        in: body
        required: true
        schema:
          $ref: '#/definitions/edgeRouterUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete an edge router by id. Requires admin access.
      tags:
      - Edge Router
      summary: Delete an edge router
      operationId: deleteEdgeRouter
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on an edge router. Requires admin access.
      tags:
      - Edge Router
      summary: Update the supplied fields on an edge router
      operationId: patchEdgeRouter
      parameters:
      - description: An edge router patch object
        name: edgeRouter
        in: body
        required: true
        schema:
          $ref: '#/definitions/edgeRouterPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-routers/{id}/edge-router-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of edge router policies that apply to the specified
        edge router.
      tags:
      - Edge Router
      summary: List the edge router policies that affect an edge router
      operationId: listEdgeRouterEdgeRouterPolicies
      responses:
        "200":
          description: A list of edge router policies
          schema:
            $ref: '#/definitions/listEdgeRouterPoliciesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-routers/{id}/identities:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of identities that may access services via the given edge router. Supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Edge Router
      summary: List associated identities
      operationId: listEdgeRouterIdentities
      responses:
        "200":
          description: A list of identities
          schema:
            $ref: '#/definitions/listIdentitiesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-routers/{id}/re-enroll:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Removes current certificate based authentication mechanisms and reverts the edge router into a state where enrollment must be performed.
        The router retains all other properties and associations. If the router is currently connected, it will be disconnected and any
        attemps to reconnect will fail until the enrollment process is completed with the newly generated JWT.

        If the edge router has an existing outstanding enrollment JWT it will be replaced. The previous JWT will no longer be usable to
        complete the enrollment process.
      tags:
      - Edge Router
      summary: Re-enroll an edge router
      operationId: reEnrollEdgeRouter
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-routers/{id}/service-edge-router-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of service policies policies that apply to the
        specified edge router.
      tags:
      - Edge Router
      summary: List the service policies that affect an edge router
      operationId: listEdgeRouterServiceEdgeRouterPolicies
      responses:
        "200":
          description: A list of service policies
          schema:
            $ref: '#/definitions/listServicePoliciesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /edge-routers/{id}/services:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of services that may be accessed via the given edge router. Supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Edge Router
      summary: List associated services
      operationId: listEdgeRouterServices
      responses:
        "200":
          description: A list of services
          schema:
            $ref: '#/definitions/listServicesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /enrollments:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of outstanding enrollments; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Enrollment
      summary: List outstanding enrollments
      operationId: listEnrollments
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of enrollments
          schema:
            $ref: '#/definitions/listEnrollmentsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Creates a new OTT, OTTCA, or UPDB enrollment for a specific identity.
        If an enrollment of the same type is already outstanding the request will
        fail with a 409 conflict. If desired, an existing enrollment can be refreshed
        by `enrollments/:id/refresh` or deleted.
      tags:
      - Enrollment
      summary: Create an outstanding enrollment for an identity
      operationId: createEnrollment
      parameters:
      - description: An enrollment to create
        name: enrollment
        in: body
        required: true
        schema:
          $ref: '#/definitions/enrollmentCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The request could not be completed due to a conflict of configuration
            or state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /enrollments/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single outstanding enrollment by id. Requires admin
        access.
      tags:
      - Enrollment
      summary: Retrieves an outstanding enrollment
      operationId: detailEnrollment
      responses:
        "200":
          description: A singular enrollment resource
          schema:
            $ref: '#/definitions/detailEnrollmentEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete an outstanding enrollment by id. Requires admin access.
      tags:
      - Enrollment
      summary: Delete an outstanding enrollment
      operationId: deleteEnrollment
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /enrollments/{id}/refresh:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: For expired or unexpired enrollments, reset the expiration window.
        A new JWT will be generated and must be used for the enrollment.
      tags:
      - Enrollment
      summary: Refreshes an enrollment record's expiration window
      operationId: refreshEnrollment
      parameters:
      - description: An enrollment refresh request
        name: refresh
        in: body
        required: true
        schema:
          $ref: '#/definitions/enrollmentRefresh'
      responses:
        "200":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /enumerated-capabilities:
    get:
      security: []
      tags:
      - Informational
      summary: Returns all capabilities this version of the controller is aware of,
        enabled or not.
      operationId: listEnumeratedCapabilities
      responses:
        "200":
          description: A typed and enumerated list of capabilities
          schema:
            $ref: '#/definitions/listEnumeratedCapabilitiesEnvelope'
  /external-jwt-signers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of external JWT signers for authentication
      tags:
      - External JWT Signer
      summary: List External JWT Signers
      operationId: listExternalJwtSigners
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of External JWT Signers
          schema:
            $ref: '#/definitions/listExternalJwtSignersEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Creates an External JWT Signer. Requires admin access.
      tags:
      - External JWT Signer
      summary: Creates an External JWT Signer
      operationId: createExternalJwtSigner
      parameters:
      - description: An External JWT Signer to create
        name: externalJwtSigner
        in: body
        required: true
        schema:
          $ref: '#/definitions/externalJwtSignerCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /external-jwt-signers/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single External JWT Signer by id. Requires admin access.
      tags:
      - External JWT Signer
      summary: Retrieves a single External JWT Signer
      operationId: detailExternalJwtSigner
      responses:
        "200":
          description: A singular External JWT Signer resource
          schema:
            $ref: '#/definitions/detailExternalJwtSignerEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on an External JWT Signer by id. Requires admin
        access.
      tags:
      - External JWT Signer
      summary: Update all fields on an External JWT Signer
      operationId: updateExternalJwtSigner
      parameters:
      - description: An External JWT Signer update object
        name: externalJwtSigner
        in: body
        required: true
        schema:
          $ref: '#/definitions/externalJwtSignerUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Delete an External JWT Signer by id. Requires admin access.
      tags:
      - External JWT Signer
      summary: Delete an External JWT Signer
      operationId: deleteExternalJwtSigner
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update only the supplied fields on an External JWT Signer by id.
        Requires admin access.
      tags:
      - External JWT Signer
      summary: Update the supplied fields on an External JWT Signer
      operationId: patchExternalJwtSigner
      parameters:
      - description: An External JWT Signer patch object
        name: externalJwtSigner
        in: body
        required: true
        schema:
          $ref: '#/definitions/externalJwtSignerPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of identity resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Identity
      summary: List identities
      operationId: listIdentities
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      - type: array
        items:
          type: string
        collectionFormat: multi
        name: roleFilter
        in: query
      - type: string
        name: roleSemantic
        in: query
      responses:
        "200":
          description: A list of identities
          schema:
            $ref: '#/definitions/listIdentitiesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create an identity resource. Requires admin access.
      tags:
      - Identity
      summary: Create an identity resource
      operationId: createIdentity
      parameters:
      - description: An identity to create
        name: identity
        in: body
        required: true
        schema:
          $ref: '#/definitions/identityCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /identities/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single identity by id. Requires admin access.
      tags:
      - Identity
      summary: Retrieves a single identity
      operationId: detailIdentity
      responses:
        "200":
          description: A single identity
          schema:
            $ref: '#/definitions/detailIdentityEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on an identity by id. Requires admin access.
      tags:
      - Identity
      summary: Update all fields on an identity
      operationId: updateIdentity
      parameters:
      - description: An identity update object
        name: identity
        in: body
        required: true
        schema:
          $ref: '#/definitions/identityUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete an identity by id. Requires admin access.
      tags:
      - Identity
      summary: Delete an identity
      operationId: deleteIdentity
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on an identity. Requires admin access.
      tags:
      - Identity
      summary: Update the supplied fields on an identity
      operationId: patchIdentity
      parameters:
      - description: An identity patch object
        name: identity
        in: body
        required: true
        schema:
          $ref: '#/definitions/identityPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/authenticators:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Returns a list of authenticators associated to the identity specified
      tags:
      - Identity
      summary: Retrieve the current authenticators of a specific identity
      operationId: getIdentityAuthenticators
      responses:
        "200":
          description: A list of authenticators
          schema:
            $ref: '#/definitions/listAuthenticatorsEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/disable:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Reject an identity's API session requests for N minutes or indefinitely if 0.
      tags:
      - Identity
      summary: Set an identity as disabled
      operationId: disableIdentity
      parameters:
      - description: Disable parameters
        name: disable
        in: body
        required: true
        schema:
          $ref: '#/definitions/disableParams'
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/edge-router-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of edge router policies that apply to the specified
        identity.
      tags:
      - Identity
      summary: List the edge router policies that affect an identity
      operationId: listIdentitysEdgeRouterPolicies
      responses:
        "200":
          description: A list of edge router policies
          schema:
            $ref: '#/definitions/listEdgeRouterPoliciesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/edge-routers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of edge-routers that the given identity may use to access services. Supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Identity
      summary: List accessible edge-routers
      operationId: listIdentityEdgeRouters
      responses:
        "200":
          description: A list of edge routers
          schema:
            $ref: '#/definitions/listEdgeRoutersEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/enable:
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Allows an admin to remove disabled statuses from an identity.
      tags:
      - Identity
      summary: Clears all disabled state from an identity
      operationId: enableIdentity
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/enrollments:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Returns a list of enrollments associated to the identity specified
      tags:
      - Identity
      summary: Retrieve the current enrollments of a specific identity
      operationId: getIdentityEnrollments
      responses:
        "200":
          description: A list of enrollments
          schema:
            $ref: '#/definitions/listEnrollmentsEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/failed-service-requests:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Returns a list of service session requests that failed due to posture checks. The entries will contain
        every policy that was verified against and every failed check in each policy. Each check will include
        the historical posture data and posture check configuration.
      tags:
      - Identity
      summary: Retrieve a list of the most recent service failure requests due to
        posture checks
      operationId: getIdentityFailedServiceRequests
      responses:
        "200":
          description: Returns a list of service request failures
          schema:
            $ref: '#/definitions/failedServiceRequestEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/mfa:
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Allows an admin to remove MFA enrollment from a specific identity. Requires admin.
      tags:
      - Identity
      - MFA
      summary: Remove MFA from an identitity
      operationId: removeIdentityMfa
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/policy-advice/{serviceId}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Analyzes policies to see if the given identity should be able to dial or bind the given service. |
        Will check services policies to see if the identity can access the service. Will check edge router policies |
        to check if the identity and service have access to common edge routers so that a connnection can be made. |
        Will also check if at least one edge router is on-line. Requires admin access.
      tags:
      - Identity
      summary: Analyze policies relating the given identity and service
      operationId: getIdentityPolicyAdvice
      responses:
        "200":
          description: Returns the document that represents the policy advice
          schema:
            $ref: '#/definitions/getIdentityPolicyAdviceEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
    - type: string
      description: The id of a service
      name: serviceId
      in: path
      required: true
  /identities/{id}/posture-data:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Returns a nested map data represeting the posture data of the identity.
        This data should be considered volatile.
      tags:
      - Identity
      summary: Retrieve the curent posture data for a specific identity.
      operationId: getIdentityPostureData
      responses:
        "200":
          description: Returns the document that represents posture data
          schema:
            $ref: '#/definitions/postureDataEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/service-configs:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of service configs associated to a specific identity
      tags:
      - Identity
      summary: List the service configs associated a specific identity
      operationId: listIdentitysServiceConfigs
      responses:
        "200":
          description: A list of service configs
          schema:
            $ref: '#/definitions/listServiceConfigsEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Associate service configs to a specific identity
      tags:
      - Identity
      summary: Associate service configs for a specific identity
      operationId: associateIdentitysServiceConfigs
      parameters:
      - description: A service config patch object
        name: serviceConfigs
        in: body
        required: true
        schema:
          $ref: '#/definitions/serviceConfigsAssignList'
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Remove service configs from a specific identity
      tags:
      - Identity
      summary: Remove associated service configs from a specific identity
      operationId: disassociateIdentitysServiceConfigs
      parameters:
      - description: An array of service and config id pairs to remove
        name: serviceConfigIdPairs
        in: body
        schema:
          $ref: '#/definitions/serviceConfigsAssignList'
      responses:
        "200":
          description: Base empty response
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/service-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a list of service policies that apply to the specified
        identity.
      tags:
      - Identity
      summary: List the service policies that affect an identity
      operationId: listIdentityServicePolicies
      responses:
        "200":
          description: A list of service policies
          schema:
            $ref: '#/definitions/listServicePoliciesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/services:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of services that the given identity has access to. Supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Identity
      summary: List accessible services
      operationId: listIdentityServices
      parameters:
      - type: string
        name: filter
        in: query
      - enum:
        - dial
        - bind
        type: string
        name: policyType
        in: query
      responses:
        "200":
          description: A list of services
          schema:
            $ref: '#/definitions/listServicesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identities/{id}/trace:
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Allows an admin to enable/disable data flow tracing for an identity
      tags:
      - Identity
      - Tracing
      summary: Enable/disable data flow tracing for an identity
      operationId: updateIdentityTracing
      parameters:
      - description: A traceSpec object
        name: traceSpec
        in: body
        required: true
        schema:
          $ref: '#/definitions/traceSpec'
      responses:
        "200":
          description: Returns the document that represents the trace state
          schema:
            $ref: '#/definitions/traceDetailEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /identity-role-attributes:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of role attributes in use by identities; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Role Attributes
      summary: List role attributes in use by identities
      operationId: listIdentityRoleAttributes
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of role attributes
          schema:
            $ref: '#/definitions/listRoleAttributesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /identity-types:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of identity types; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Identity
      summary: List available identity types
      operationId: listIdentityTypes
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of identity types
          schema:
            $ref: '#/definitions/listIdentityTypesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /identity-types/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single identity type by id. Requires admin access.
      tags:
      - Identity
      summary: Retrieves a identity type
      operationId: detailIdentityType
      responses:
        "200":
          description: A single identity type
          schema:
            $ref: '#/definitions/detailIdentityTypeEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /network-jwts:
    get:
      description: Returns a list of JWTs for trusting a network
      tags:
      - Enrollment
      summary: Returns a list of JWTs suitable for bootstrapping network trust.
      operationId: listNetworkJWTs
      responses:
        "200":
          description: A list of network JWTs
          schema:
            $ref: '#/definitions/listNetworkJWTsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
  /posture-check-role-attributes:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of role attributes in use by posture checks; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Role Attributes
      summary: List role attributes in use by posture checks
      operationId: listPostureCheckRoleAttributes
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of role attributes
          schema:
            $ref: '#/definitions/listRoleAttributesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /posture-check-types:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of posture check types
      produces:
      - application/json; charset=utf-8
      tags:
      - Posture Checks
      summary: List a subset of posture check types
      operationId: listPostureCheckTypes
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of posture check types
          schema:
            $ref: '#/definitions/listPostureCheckTypesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /posture-check-types/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single posture check type by id
      tags:
      - Posture Checks
      summary: Retrieves a single posture check type
      operationId: detailPostureCheckType
      responses:
        "200":
          description: Retrieves a singular posture check type by id
          schema:
            $ref: '#/definitions/detailPostureCheckTypeEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /posture-checks:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of posture checks
      produces:
      - application/json; charset=utf-8
      tags:
      - Posture Checks
      summary: List a subset of posture checks
      operationId: listPostureChecks
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      - type: array
        items:
          type: string
        collectionFormat: multi
        name: roleFilter
        in: query
      - type: string
        name: roleSemantic
        in: query
      responses:
        "200":
          description: A list of posture checks
          schema:
            $ref: '#/definitions/listPostureCheckEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Creates a Posture Checks
      tags:
      - Posture Checks
      summary: Creates a Posture Checks
      operationId: createPostureCheck
      parameters:
      - description: A Posture Check to create
        name: postureCheck
        in: body
        required: true
        schema:
          $ref: '#/definitions/postureCheckCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /posture-checks/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single Posture Checks by id
      tags:
      - Posture Checks
      summary: Retrieves a single Posture Checks
      operationId: detailPostureCheck
      responses:
        "200":
          description: Retrieves a singular posture check by id
          schema:
            $ref: '#/definitions/detailPostureCheckEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a Posture Checks by id
      tags:
      - Posture Checks
      summary: Update all fields on a Posture Checks
      operationId: updatePostureCheck
      parameters:
      - description: A Posture Check update object
        name: postureCheck
        in: body
        required: true
        schema:
          $ref: '#/definitions/postureCheckUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Deletes and Posture Checks by id
      tags:
      - Posture Checks
      summary: Deletes an Posture Checks
      operationId: deletePostureCheck
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "403":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update only the supplied fields on a Posture Checks by id
      tags:
      - Posture Checks
      summary: Update the supplied fields on a Posture Checks
      operationId: patchPostureCheck
      parameters:
      - description: A Posture Check patch object
        name: postureCheck
        in: body
        required: true
        schema:
          $ref: '#/definitions/postureCheckPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /routers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Router
      summary: List routers
      operationId: listRouters
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of specifications
          schema:
            $ref: '#/definitions/listRoutersEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a router resource. Requires admin access.
      tags:
      - Router
      summary: Create a router resource
      operationId: createRouter
      parameters:
      - description: A router to create
        name: router
        in: body
        required: true
        schema:
          $ref: '#/definitions/routerCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /routers/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single router by id. Requires admin access.
      tags:
      - Router
      summary: Retrieves a single router
      operationId: detailRouter
      responses:
        "200":
          description: A single router
          schema:
            $ref: '#/definitions/detailRouterEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a router by id. Requires admin access.
      tags:
      - Router
      summary: Update all fields on a router
      operationId: updateRouter
      parameters:
      - description: A router update object
        name: router
        in: body
        required: true
        schema:
          $ref: '#/definitions/routerUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a router by id. Requires admin access.
      tags:
      - Router
      summary: Delete a router
      operationId: deleteRouter
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a router. Requires admin access.
      tags:
      - Router
      summary: Update the supplied fields on a router
      operationId: patchRouter
      parameters:
      - description: A router patch object
        name: router
        in: body
        required: true
        schema:
          $ref: '#/definitions/routerPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-edge-router-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of service edge router policy resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service Edge Router Policy
      summary: List service edge router policies
      operationId: listServiceEdgeRouterPolicies
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of service edge router policies
          schema:
            $ref: '#/definitions/listServiceEdgeRouterPoliciesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a service edge router policy resource. Requires admin access.
      tags:
      - Service Edge Router Policy
      summary: Create a service edge router policy resource
      operationId: createServiceEdgeRouterPolicy
      parameters:
      - description: A service edge router policy to create
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/serviceEdgeRouterPolicyCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /service-edge-router-policies/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single service edge policy by id. Requires admin access.
      tags:
      - Service Edge Router Policy
      summary: Retrieves a single service edge policy
      operationId: detailServiceEdgeRouterPolicy
      responses:
        "200":
          description: A single service edge router policy
          schema:
            $ref: '#/definitions/detailServiceEdgePolicyEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a service edge policy by id. Requires admin
        access.
      tags:
      - Service Edge Router Policy
      summary: Update all fields on a service edge policy
      operationId: updateServiceEdgeRouterPolicy
      parameters:
      - description: A service edge router policy update object
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/serviceEdgeRouterPolicyUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a service edge policy by id. Requires admin access.
      tags:
      - Service Edge Router Policy
      summary: Delete a service edge policy
      operationId: deleteServiceEdgeRouterPolicy
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a service edge policy. Requires admin
        access.
      tags:
      - Service Edge Router Policy
      summary: Update the supplied fields on a service edge policy
      operationId: patchServiceEdgeRouterPolicy
      parameters:
      - description: A service edge router policy patch object
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/serviceEdgeRouterPolicyPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-edge-router-policies/{id}/edge-routers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: List the edge routers that a service edge router policy applies
        to
      tags:
      - Service Edge Router Policy
      summary: List the edge routers that a service edge router policy applies to
      operationId: listServiceEdgeRouterPolicyEdgeRouters
      responses:
        "200":
          description: A list of edge routers
          schema:
            $ref: '#/definitions/listEdgeRoutersEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-edge-router-policies/{id}/services:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: List the services that a service edge router policy applies to
      tags:
      - Service Edge Router Policy
      summary: List the services that a service edge router policy applies to
      operationId: listServiceEdgeRouterPolicyServices
      responses:
        "200":
          description: A list of services
          schema:
            $ref: '#/definitions/listServicesEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of service policy resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service Policy
      summary: List service policies
      operationId: listServicePolicies
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of service policies
          schema:
            $ref: '#/definitions/listServicePoliciesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a service policy resource. Requires admin access.
      tags:
      - Service Policy
      summary: Create a service policy resource
      operationId: createServicePolicy
      parameters:
      - description: A service policy to create
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/servicePolicyCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /service-policies/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single service policy by id. Requires admin access.
      tags:
      - Service Policy
      summary: Retrieves a single service policy
      operationId: detailServicePolicy
      responses:
        "200":
          description: A single service policy
          schema:
            $ref: '#/definitions/detailServicePolicyEnvelop'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a service policy by id. Requires admin access.
      tags:
      - Service Policy
      summary: Update all fields on a service policy
      operationId: updateServicePolicy
      parameters:
      - description: A service policy update object
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/servicePolicyUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a service policy by id. Requires admin access.
      tags:
      - Service Policy
      summary: Delete a service policy
      operationId: deleteServicePolicy
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a service policy. Requires admin
        access.
      tags:
      - Service Policy
      summary: Update the supplied fields on a service policy
      operationId: patchServicePolicy
      parameters:
      - description: A service policy patch object
        name: policy
        in: body
        required: true
        schema:
          $ref: '#/definitions/servicePolicyPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-policies/{id}/identities:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of identity resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service Policy
      summary: List identities a service policy affects
      operationId: listServicePolicyIdentities
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of identities
          schema:
            $ref: '#/definitions/listIdentitiesEnvelope'
        "400":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-policies/{id}/posture-checks:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of posture check resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service Policy
      summary: List posture check a service policy includes
      operationId: listServicePolicyPostureChecks
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of posture checks
          schema:
            $ref: '#/definitions/listPostureCheckEnvelope'
        "400":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-policies/{id}/services:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of service resources that are affected by a service policy; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service Policy
      summary: List services a service policy affects
      operationId: listServicePolicyServices
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of services
          schema:
            $ref: '#/definitions/listServicesEnvelope'
        "400":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /service-role-attributes:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of role attributes in use by services; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Role Attributes
      summary: List role attributes in use by services
      operationId: listServiceRoleAttributes
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of role attributes
          schema:
            $ref: '#/definitions/listRoleAttributesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /services:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of config resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service
      summary: List services
      operationId: listServices
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      - type: array
        items:
          type: string
        collectionFormat: multi
        name: configTypes
        in: query
      - type: array
        items:
          type: string
        collectionFormat: multi
        name: roleFilter
        in: query
      - type: string
        name: roleSemantic
        in: query
      responses:
        "200":
          description: A list of services
          schema:
            $ref: '#/definitions/listServicesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a services resource. Requires admin access.
      tags:
      - Service
      summary: Create a services resource
      operationId: createService
      parameters:
      - description: A service to create
        name: service
        in: body
        required: true
        schema:
          $ref: '#/definitions/serviceCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /services/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single service by id. Requires admin access.
      tags:
      - Service
      summary: Retrieves a single service
      operationId: detailService
      responses:
        "200":
          description: A single service
          schema:
            $ref: '#/definitions/detailServiceEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a service by id. Requires admin access.
      tags:
      - Service
      summary: Update all fields on a service
      operationId: updateService
      parameters:
      - description: A service update object
        name: service
        in: body
        required: true
        schema:
          $ref: '#/definitions/serviceUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a service by id. Requires admin access.
      tags:
      - Service
      summary: Delete a service
      operationId: deleteService
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a service. Requires admin access.
      tags:
      - Service
      summary: Update the supplied fields on a service
      operationId: patchService
      parameters:
      - description: A service patch object
        name: service
        in: body
        required: true
        schema:
          $ref: '#/definitions/servicePatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /services/{id}/configs:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of config resources associated to a specific service; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service
      summary: List configs associated to a specific service
      operationId: listServiceConfig
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of configs
          schema:
            $ref: '#/definitions/listConfigsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /services/{id}/edge-routers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of edge-routers that may be used to access the given service. Supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service
      summary: List accessible edge-routers
      operationId: listServiceEdgeRouters
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of edge routers
          schema:
            $ref: '#/definitions/listEdgeRoutersEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /services/{id}/identities:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of identities that have access to this service. Supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service
      summary: List identities with access
      operationId: listServiceIdentities
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      - enum:
        - dial
        - bind
        type: string
        name: policyType
        in: query
      responses:
        "200":
          description: A list of identities
          schema:
            $ref: '#/definitions/listIdentitiesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /services/{id}/service-edge-router-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of service edge router policy resources that affect a specific service; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service
      summary: List service edge router policies that affect a specific service
      operationId: listServiceServiceEdgeRouterPolicies
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of service edge router policies
          schema:
            $ref: '#/definitions/listServiceEdgeRouterPoliciesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /services/{id}/service-policies:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of service policy resources that affect specific service; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Service
      summary: List service policies that affect a specific service
      operationId: listServiceServicePolicies
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of service policies
          schema:
            $ref: '#/definitions/listServicePoliciesEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /services/{id}/terminators:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of terminator resources that are assigned specific service; supports filtering, sorting, and pagination.
      tags:
      - Service
      summary: List of terminators assigned to a service
      operationId: listServiceTerminators
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of terminators
          schema:
            $ref: '#/definitions/listTerminatorsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /sessions:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of active sessions resources; supports filtering, sorting, and pagination. Requires admin access.

        Sessions are tied to an API session and are moved when an API session times out or logs out. Active sessions
        (i.e. Ziti SDK connected to an edge router) will keep the session and API session marked as active.
      tags:
      - Session
      summary: List sessions
      operationId: listSessions
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of sessions
          schema:
            $ref: '#/definitions/listSessionsManagementEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /sessions/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single session by id. Requires admin access.
      tags:
      - Session
      summary: Retrieves a single session
      operationId: detailSession
      responses:
        "200":
          description: A single session
          schema:
            $ref: '#/definitions/detailSessionManagementEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a session by id. Requires admin access.
      tags:
      - Session
      summary: Delete a session
      operationId: deleteSession
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /sessions/{id}/route-path:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single session's route path by id. Requires admin access.
      tags:
      - Session
      summary: Retrieves a single session's router path
      operationId: detailSessionRoutePath
      responses:
        "200":
          description: A single session's route path
          schema:
            $ref: '#/definitions/detailSessionRoutePathEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /specs:
    get:
      security: []
      description: Returns a list of spec files embedded within the controller for
        consumption/documentation/code geneartion
      tags:
      - Informational
      summary: Returns a list of API specs
      operationId: listSpecs
      responses:
        "200":
          description: A list of specifications
          schema:
            $ref: '#/definitions/listSpecsEnvelope'
  /specs/{id}:
    get:
      security: []
      description: Returns single spec resource embedded within the controller for
        consumption/documentation/code geneartion
      tags:
      - Informational
      summary: Return a single spec resource
      operationId: detailSpec
      responses:
        "200":
          description: A single specification
          schema:
            $ref: '#/definitions/detailSpecEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /specs/{id}/spec:
    get:
      security: []
      description: Return the body of the specification (i.e. Swagger, OpenAPI 2.0,
        3.0, etc).
      produces:
      - text/yaml
      - application/json
      tags:
      - Informational
      summary: Returns the spec's file
      operationId: detailSpecBody
      responses:
        "200":
          description: Returns the document that represents the specification
          schema:
            $ref: '#/definitions/detailSpecBodyEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /summary:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: This endpoint is usefull for UIs that wish to display UI elements
        with counts.
      tags:
      - Informational
      summary: Returns a list of accessible resource counts
      operationId: listSummary
      responses:
        "200":
          description: Entity counts scopped to the current identitie's access
          schema:
            $ref: '#/definitions/listSummaryCountsEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /terminators:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of terminator resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Terminator
      summary: List terminators
      operationId: listTerminators
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of terminators
          schema:
            $ref: '#/definitions/listTerminatorsEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a terminator resource. Requires admin access.
      tags:
      - Terminator
      summary: Create a terminator resource
      operationId: createTerminator
      parameters:
      - description: A terminator to create
        name: terminator
        in: body
        required: true
        schema:
          $ref: '#/definitions/terminatorCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /terminators/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single terminator by id. Requires admin access.
      tags:
      - Terminator
      summary: Retrieves a single terminator
      operationId: detailTerminator
      responses:
        "200":
          description: A single terminator
          schema:
            $ref: '#/definitions/detailTerminatorEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a terminator by id. Requires admin access.
      tags:
      - Terminator
      summary: Update all fields on a terminator
      operationId: updateTerminator
      parameters:
      - description: A terminator update object
        name: terminator
        in: body
        required: true
        schema:
          $ref: '#/definitions/terminatorUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a terminator by id. Requires admin access.
      tags:
      - Terminator
      summary: Delete a terminator
      operationId: deleteTerminator
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a terminator. Requires admin access.
      tags:
      - Terminator
      summary: Update the supplied fields on a terminator
      operationId: patchTerminator
      parameters:
      - description: A terminator patch object
        name: terminator
        in: body
        required: true
        schema:
          $ref: '#/definitions/terminatorPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /transit-routers:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: |
        Retrieves a list of router resources; supports filtering, sorting, and pagination. Requires admin access.
      tags:
      - Router
      summary: List routers
      operationId: listTransitRouters
      parameters:
      - type: integer
        name: limit
        in: query
      - type: integer
        name: offset
        in: query
      - type: string
        name: filter
        in: query
      responses:
        "200":
          description: A list of specifications
          schema:
            $ref: '#/definitions/listRoutersEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    post:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Create a router resource. Requires admin access.
      tags:
      - Router
      summary: Create a router resource
      operationId: createTransitRouter
      parameters:
      - description: A router to create
        name: router
        in: body
        required: true
        schema:
          $ref: '#/definitions/routerCreate'
      responses:
        "201":
          description: The create request was successful and the resource has been
            added at the following location
          schema:
            $ref: '#/definitions/createEnvelope'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
  /transit-routers/{id}:
    get:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Retrieves a single router by id. Requires admin access.
      tags:
      - Router
      summary: Retrieves a single router
      operationId: detailTransitRouter
      responses:
        "200":
          description: A single router
          schema:
            $ref: '#/definitions/detailRouterEnvelope'
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    put:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update all fields on a router by id. Requires admin access.
      tags:
      - Router
      summary: Update all fields on a router
      operationId: updateTransitRouter
      parameters:
      - description: A router update object
        name: router
        in: body
        required: true
        schema:
          $ref: '#/definitions/routerUpdate'
      responses:
        "200":
          description: The update request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    delete:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Delete a router by id. Requires admin access.
      tags:
      - Router
      summary: Delete a router
      operationId: deleteTransitRouter
      responses:
        "200":
          description: The delete request was successful and the resource has been
            removed
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "409":
          description: The resource requested to be removed/altered cannot be as it
            is referenced by another object.
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                causeMessage: referenced by /some-resource/05f4f710-c155-4a74-86d5-77558eb9cb42
                code: CONFLICT_CANNOT_MODIFY_REFERENCED
                message: The resource cannot be deleted/modified. Remove all referencing
                  resources first.
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    patch:
      security:
      - ztSession: []
      - oauth2:
        - openid
      description: Update the supplied fields on a router. Requires admin access.
      tags:
      - Router
      summary: Update the supplied fields on a router
      operationId: patchTransitRouter
      parameters:
      - description: A router patch object
        name: router
        in: body
        required: true
        schema:
          $ref: '#/definitions/routerPatch'
      responses:
        "200":
          description: The patch request was successful and the resource has been
            altered
          schema:
            $ref: '#/definitions/empty'
        "400":
          description: The supplied request contains invalid fields or could not be
            parsed (json and non-json bodies). The error's code, message, and cause
            fields can be inspected for further information
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause:
                  details:
                    context: (root)
                    field: (root)
                    property: fooField3
                  field: (root)
                  message: '(root): fooField3 is required'
                  type: required
                  value:
                    fooField: abc
                    fooField2: def
                causeMessage: schema validation failed
                code: COULD_NOT_VALIDATE
                message: The supplied request contains an invalid document
                requestId: ac6766d6-3a09-44b3-8d8a-1b541d97fdd9
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "401":
          description: The supplied session does not have the correct access rights
            to request this resource
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                cause: ""
                causeMessage: ""
                code: UNAUTHORIZED
                message: The request could not be completed. The session is not authorized
                  or the credentials are invalid
                requestId: 0bfe7a04-9229-4b7a-812c-9eb3cc0eac0f
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "404":
          description: The requested resource does not exist
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars:
                    id: 71a3000f-7dda-491a-9b90-a19f4ee6c406
                cause: null
                causeMessage: ""
                code: NOT_FOUND
                message: The resource requested was not found or is no longer available
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "429":
          description: The resource requested is rate limited and the rate limit has
            been exceeded
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
          examples:
            application/json:
              error:
                args:
                  urlVars: {}
                causeMessage: you have hit a rate limit in the requested operation
                code: RATE_LIMITED
                message: The resource is rate limited and the rate limit has been
                  exceeded. Please try again later
                requestId: 270908d6-f2ef-4577-b973-67bec18ae376
              meta:
                apiEnrollmentVersion: 0.0.1
                apiVersion: 0.0.1
        "503":
          description: The request could not be completed due to the server being
            busy or in a temporarily bad state
          schema:
            $ref: '#/definitions/apiErrorEnvelope'
    parameters:
    - type: string
      description: The id of the requested resource
      name: id
      in: path
      required: true
  /version:
    get:
      security: []
      tags:
      - Informational
      summary: Returns version information
      operationId: listVersion
      responses:
        "200":
          description: Version information for the controller
          schema:
            $ref: '#/definitions/listVersionEnvelope'
definitions:
  apiAddress:
    type: object
    properties:
      url:
        type: string
      version:
        type: string
  apiAddressArray:
    type: array
    items:
      $ref: '#/definitions/apiAddress'
  apiAddressList:
    type: object
    additionalProperties:
      $ref: '#/definitions/apiAddressArray'
  apiError:
    type: object
    properties:
      args:
        $ref: '#/definitions/apiErrorArgs'
      cause:
        $ref: '#/definitions/apiErrorCause'
      causeMessage:
        type: string
      code:
        type: string
      data:
        type: object
        additionalProperties: true
      message:
        type: string
      requestId:
        type: string
  apiErrorArgs:
    type: object
    properties:
      urlVars:
        type: object
        additionalProperties:
          type: string
  apiErrorCause:
    allOf:
    - $ref: '#/definitions/apiFieldError'
    - $ref: '#/definitions/apiError'
  apiErrorEnvelope:
    type: object
    required:
    - meta
    - error
    properties:
      error:
        $ref: '#/definitions/apiError'
      meta:
        $ref: '#/definitions/meta'
  apiFieldError:
    type: object
    properties:
      field:
        type: string
      reason:
        type: string
      value:
        description: can be any value - string, number, boolean, array or object
  apiSessionDetail:
    description: An API Session object
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - token
      - identity
      - identityId
      - configTypes
      - ipAddress
      - authQueries
      - cachedUpdatedAt
      - isMfaRequired
      - isMfaComplete
      - authenticatorId
      - isCertExtendable
      properties:
        authQueries:
          $ref: '#/definitions/authQueryList'
        authenticatorId:
          type: string
        cachedLastActivityAt:
          type: string
          format: date-time
        configTypes:
          type: array
          items:
            type: string
        identity:
          $ref: '#/definitions/entityRef'
        identityId:
          type: string
        ipAddress:
          type: string
        isCertExtendable:
          type: boolean
        isMfaComplete:
          type: boolean
        isMfaRequired:
          type: boolean
        lastActivityAt:
          type: string
          format: date-time
        token:
          type: string
  apiSessionList:
    type: array
    items:
      $ref: '#/definitions/apiSessionDetail'
  apiSessionPostureData:
    type: object
    required:
    - mfa
    properties:
      endpointState:
        $ref: '#/definitions/postureDataEndpointState'
      mfa:
        $ref: '#/definitions/postureDataMfa'
      sdkInfo:
        $ref: '#/definitions/sdkInfo'
  apiVersion:
    type: object
    required:
    - path
    properties:
      apiBaseUrls:
        type: array
        items:
          type: string
      path:
        type: string
      version:
        type: string
  attributes:
    description: A set of strings used to loosly couple this resource to policies
    type: array
    items:
      type: string
    x-nullable: true
    x-omitempty: true
  authPolicyCreate:
    description: A Auth Policy resource
    type: object
    required:
    - name
    - primary
    - secondary
    properties:
      name:
        type: string
      primary:
        $ref: '#/definitions/authPolicyPrimary'
      secondary:
        $ref: '#/definitions/authPolicySecondary'
      tags:
        $ref: '#/definitions/tags'
  authPolicyDetail:
    description: A Auth Policy resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - primary
      - secondary
      properties:
        name:
          type: string
        primary:
          $ref: '#/definitions/authPolicyPrimary'
        secondary:
          $ref: '#/definitions/authPolicySecondary'
  authPolicyList:
    description: An array of Auth Policies resources
    type: array
    items:
      $ref: '#/definitions/authPolicyDetail'
  authPolicyPatch:
    description: A Auth Policy resource
    type: object
    properties:
      name:
        type: string
        x-nullable: true
      primary:
        $ref: '#/definitions/authPolicyPrimaryPatch'
      secondary:
        $ref: '#/definitions/authPolicySecondaryPatch'
      tags:
        $ref: '#/definitions/tags'
  authPolicyPrimary:
    type: object
    required:
    - updb
    - cert
    - extJwt
    properties:
      cert:
        $ref: '#/definitions/authPolicyPrimaryCert'
      extJwt:
        $ref: '#/definitions/authPolicyPrimaryExtJwt'
      updb:
        $ref: '#/definitions/authPolicyPrimaryUpdb'
  authPolicyPrimaryCert:
    type: object
    required:
    - allowed
    - allowExpiredCerts
    properties:
      allowExpiredCerts:
        type: boolean
      allowed:
        type: boolean
  authPolicyPrimaryCertPatch:
    type: object
    properties:
      allowExpiredCerts:
        type: boolean
        x-nullable: true
      allowed:
        type: boolean
        x-nullable: true
    x-nullable: true
  authPolicyPrimaryExtJwt:
    type: object
    required:
    - allowed
    - allowedSigners
    properties:
      allowed:
        type: boolean
      allowedSigners:
        type: array
        items:
          type: string
  authPolicyPrimaryExtJwtPatch:
    type: object
    properties:
      allowed:
        type: boolean
        x-nullable: true
      allowedSigners:
        type: array
        items:
          type: string
        x-nullable: true
    x-nullable: true
  authPolicyPrimaryPatch:
    type: object
    properties:
      cert:
        $ref: '#/definitions/authPolicyPrimaryCertPatch'
      extJwt:
        $ref: '#/definitions/authPolicyPrimaryExtJwtPatch'
      updb:
        $ref: '#/definitions/authPolicyPrimaryUpdbPatch'
  authPolicyPrimaryUpdb:
    type: object
    required:
    - allowed
    - minPasswordLength
    - requireSpecialChar
    - requireNumberChar
    - requireMixedCase
    - maxAttempts
    - lockoutDurationMinutes
    properties:
      allowed:
        type: boolean
      lockoutDurationMinutes:
        type: integer
      maxAttempts:
        type: integer
      minPasswordLength:
        type: integer
      requireMixedCase:
        type: boolean
      requireNumberChar:
        type: boolean
      requireSpecialChar:
        type: boolean
  authPolicyPrimaryUpdbPatch:
    type: object
    properties:
      allowed:
        type: boolean
        x-nullable: true
      lockoutDurationMinutes:
        type: integer
        x-nullable: true
      maxAttempts:
        type: integer
        x-nullable: true
      minPasswordLength:
        type: integer
        x-nullable: true
      requireMixedCase:
        type: boolean
        x-nullable: true
      requireNumberChar:
        type: boolean
        x-nullable: true
      requireSpecialChar:
        type: boolean
        x-nullable: true
    x-nullable: true
  authPolicySecondary:
    type: object
    required:
    - requireTotp
    properties:
      requireExtJwtSigner:
        type: string
        x-nullable: true
        x-omit-empty: false
      requireTotp:
        type: boolean
  authPolicySecondaryPatch:
    type: object
    properties:
      requireExtJwtSigner:
        type: string
        x-nullable: true
      requireTotp:
        type: boolean
        x-nullable: true
    x-nullable: true
  authPolicyUpdate:
    $ref: '#/definitions/authPolicyCreate'
  authQueryDetail:
    type: object
    required:
    - provider
    properties:
      clientId:
        type: string
      format:
        $ref: '#/definitions/mfaFormats'
      httpMethod:
        type: string
      httpUrl:
        type: string
      id:
        type: string
      maxLength:
        type: integer
      minLength:
        type: integer
      provider:
        $ref: '#/definitions/mfaProviders'
      scopes:
        type: array
        items:
          type: string
      typeId:
        $ref: '#/definitions/authQueryType'
  authQueryList:
    type: array
    items:
      $ref: '#/definitions/authQueryDetail'
  authQueryType:
    type: string
    enum:
    - MFA
    - TOTP
    - EXT-JWT
  authenticate:
    description: A generic authenticate object meant for use with the /authenticate
      path. Required fields depend on authentication method.
    type: object
    properties:
      configTypes:
        $ref: '#/definitions/configTypes'
      envInfo:
        $ref: '#/definitions/envInfo'
      password:
        $ref: '#/definitions/password'
      sdkInfo:
        $ref: '#/definitions/sdkInfo'
      username:
        $ref: '#/definitions/username'
  authenticatorCreate:
    description: Creates an authenticator for a specific identity which can be used
      for API authentication
    type: object
    required:
    - method
    - identityId
    properties:
      certPem:
        description: The client certificate the identity will login with. Used only
          for method='cert'
        type: string
      identityId:
        description: The id of an existing identity that will be assigned this authenticator
        type: string
      method:
        description: The type of authenticator to create; which will dictate which
          properties on this object are required.
        type: string
      password:
        description: The password the identity will login with. Used only for method='updb'
        type: string
      tags:
        $ref: '#/definitions/tags'
      username:
        description: The username that the identity will login with. Used only for
          method='updb'
        type: string
  authenticatorDetail:
    description: A singular authenticator resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - method
      - identityId
      - identity
      properties:
        certPem:
          type: string
        fingerprint:
          type: string
        identity:
          $ref: '#/definitions/entityRef'
        identityId:
          type: string
        isIssuedByNetwork:
          type: boolean
        method:
          type: string
        username:
          type: string
  authenticatorList:
    description: An array of authenticator resources
    type: array
    items:
      $ref: '#/definitions/authenticatorDetail'
  authenticatorPatch:
    description: All of the fields on an authenticator that may be updated
    type: object
    properties:
      password:
        $ref: '#/definitions/passwordNullable'
      tags:
        $ref: '#/definitions/tags'
      username:
        $ref: '#/definitions/usernameNullable'
  authenticatorPatchWithCurrent:
    description: All of the fields on an authenticator that may be updated
    type: object
    allOf:
    - $ref: '#/definitions/authenticatorPatch'
    - type: object
      required:
      - currentPassword
      properties:
        currentPassword:
          $ref: '#/definitions/password'
  authenticatorUpdate:
    description: All of the fields on an authenticator that will be updated
    type: object
    required:
    - username
    - password
    properties:
      password:
        $ref: '#/definitions/password'
      tags:
        $ref: '#/definitions/tags'
      username:
        $ref: '#/definitions/username'
  authenticatorUpdateWithCurrent:
    description: All of the fields on an authenticator that will be updated
    type: object
    allOf:
    - $ref: '#/definitions/authenticatorUpdate'
    - type: object
      required:
      - currentPassword
      properties:
        currentPassword:
          $ref: '#/definitions/password'
  baseEntity:
    description: Fields shared by all Edge API entities
    type: object
    required:
    - id
    - createdAt
    - updatedAt
    - _links
    properties:
      _links:
        $ref: '#/definitions/links'
      createdAt:
        type: string
        format: date-time
      id:
        type: string
      tags:
        $ref: '#/definitions/tags'
      updatedAt:
        type: string
        format: date-time
  caCreate:
    description: A create Certificate Authority (CA) object
    type: object
    required:
    - name
    - certPem
    - isAutoCaEnrollmentEnabled
    - isOttCaEnrollmentEnabled
    - isAuthEnabled
    - identityRoles
    properties:
      certPem:
        type: string
        example: |
          -----BEGIN CERTIFICATE-----
          MIICUjCCAdmgAwIBAgIJANooo7NB+dZZMAoGCCqGSM49BAMCMF4xCzAJBgNVBAYT
          AlVTMQswCQYDVQQIDAJOQzETMBEGA1UECgwKTmV0Rm91bmRyeTEtMCsGA1UEAwwk
          TmV0Rm91bmRyeSBaaXRpIEV4dGVybmFsIEFQSSBSb290IENBMB4XDTE4MTExNTEy
          NTcwOVoXDTM4MTExMDEyNTcwOVowXjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5D
          MRMwEQYDVQQKDApOZXRGb3VuZHJ5MS0wKwYDVQQDDCROZXRGb3VuZHJ5IFppdGkg
          RXh0ZXJuYWwgQVBJIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARwq61Z
          Iaqbaw0PDt3frJZaHjkxfZhwYrykI1GlbRNd/jix03lVG9qvpN5Og9fQfFFcFmD/
          3vCE9S6O0npm0mADQxcBcxbMRAH5dtBuCuiJW6qAAbPgiM32vqSxBiFt0KejYzBh
          MB0GA1UdDgQWBBRx1OVGuc/jdltDc8YBtkw8Tbr4fjAfBgNVHSMEGDAWgBRx1OVG
          uc/jdltDc8YBtkw8Tbr4fjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
          hjAKBggqhkjOPQQDAgNnADBkAjBDRxNZUaIVpkQKnAgJukl3ysd3/i7Z6hDyIEms
          kllz/+ZvmdBp9iedV5o5BvJUggACMCv+UBFlJH7pmsOCo/F45Kk178YsCC7gaMxE
          1ZG1zveyMvsYsH04C9FndE6w2MLvlA==
          -----END CERTIFICATE-----
      externalIdClaim:
        $ref: '#/definitions/externalIdClaim'
      identityNameFormat:
        type: string
      identityRoles:
        $ref: '#/definitions/roles'
      isAuthEnabled:
        type: boolean
        example: true
      isAutoCaEnrollmentEnabled:
        type: boolean
        example: true
      isOttCaEnrollmentEnabled:
        type: boolean
        example: true
      name:
        type: string
        example: Test 3rd Party External CA
      tags:
        $ref: '#/definitions/tags'
  caDetail:
    description: A Certificate Authority (CA) resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - fingerprint
      - certPem
      - isVerified
      - isAutoCaEnrollmentEnabled
      - isOttCaEnrollmentEnabled
      - isAuthEnabled
      - identityRoles
      - identityNameFormat
      properties:
        certPem:
          type: string
        externalIdClaim:
          $ref: '#/definitions/externalIdClaim'
        fingerprint:
          type: string
        identityNameFormat:
          type: string
        identityRoles:
          $ref: '#/definitions/roles'
        isAuthEnabled:
          type: boolean
          example: true
        isAutoCaEnrollmentEnabled:
          type: boolean
          example: true
        isOttCaEnrollmentEnabled:
          type: boolean
          example: true
        isVerified:
          type: boolean
          example: false
        name:
          type: string
        verificationToken:
          type: string
          format: uuid
  caList:
    description: An array of Certificate Authority (CA) resources
    type: array
    items:
      $ref: '#/definitions/caDetail'
  caPatch:
    type: object
    properties:
      externalIdClaim:
        $ref: '#/definitions/externalIdClaimPatch'
      identityNameFormat:
        type: string
        x-nullable: true
      identityRoles:
        $ref: '#/definitions/roles'
      isAuthEnabled:
        type: boolean
        x-nullable: true
        example: true
      isAutoCaEnrollmentEnabled:
        type: boolean
        x-nullable: true
        example: true
      isOttCaEnrollmentEnabled:
        type: boolean
        x-nullable: true
        example: true
      name:
        type: string
        x-nullable: true
        example: My CA
      tags:
        $ref: '#/definitions/tags'
  caUpdate:
    type: object
    required:
    - name
    - isAutoCaEnrollmentEnabled
    - isOttCaEnrollmentEnabled
    - isAuthEnabled
    - identityRoles
    - identityNameFormat
    properties:
      externalIdClaim:
        $ref: '#/definitions/externalIdClaim'
      identityNameFormat:
        type: string
      identityRoles:
        $ref: '#/definitions/roles'
      isAuthEnabled:
        type: boolean
        example: true
      isAutoCaEnrollmentEnabled:
        type: boolean
        example: true
      isOttCaEnrollmentEnabled:
        type: boolean
        example: true
      name:
        type: string
        example: My CA
      tags:
        $ref: '#/definitions/tags'
  capabilities:
    type: string
    enum:
    - OIDC_AUTH
    - HA_CONTROLLER
  commonEdgeRouterProperties:
    type: object
    required:
    - hostname
    - name
    - supportedProtocols
    - syncStatus
    - isOnline
    - cost
    - noTraversal
    - disabled
    properties:
      appData:
        $ref: '#/definitions/tags'
      cost:
        type: integer
        maximum: 65535
        minimum: 0
        x-nullable: true
      disabled:
        type: boolean
      hostname:
        type: string
      isOnline:
        type: boolean
      name:
        type: string
      noTraversal:
        type: boolean
        x-nullable: true
      supportedProtocols:
        type: object
        additionalProperties:
          type: string
      syncStatus:
        type: string
  configCreate:
    description: A config create object
    type: object
    required:
    - name
    - configTypeId
    - data
    properties:
      configTypeId:
        description: The id of a config-type that the data section will match
        type: string
      data:
        description: Data payload is defined by the schema of the config-type defined
          in the type parameter
        type: object
        additionalProperties: true
        x-nullable: false
      name:
        type: string
        example: default.ziti-tunneler-server.v1
      tags:
        $ref: '#/definitions/tags'
    example:
      configTypeId: cea49285-6c07-42cf-9f52-09a9b115c783
      data:
        hostname: example.com
        port: 80
      name: test-config
  configDetail:
    description: A config resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - configTypeId
      - configType
      - data
      properties:
        configType:
          $ref: '#/definitions/entityRef'
        configTypeId:
          type: string
        data:
          description: The data section of a config is based on the schema of its
            type
          type: object
        name:
          type: string
  configList:
    description: An array of config resources
    type: array
    items:
      $ref: '#/definitions/configDetail'
  configPatch:
    description: A config patch object
    type: object
    properties:
      data:
        description: Data payload is defined by the schema of the config-type defined
          in the type parameter
        type: object
        additionalProperties: true
      name:
        type: string
        example: default.ziti-tunneler-server.v1
      tags:
        $ref: '#/definitions/tags'
    example:
      data:
        hostname: example.com
        port: 80
      name: example-config-name
  configTypeCreate:
    description: A config-type create object
    type: object
    required:
    - name
    properties:
      name:
        type: string
        example: ziti-tunneler-server.v1
      schema:
        description: A JSON schema to enforce configuration against
        type: object
        additionalProperties: true
      tags:
        $ref: '#/definitions/tags'
  configTypeDetail:
    description: A config-type resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - schema
      properties:
        name:
          type: string
          example: ziti-tunneler-server.v1
        schema:
          description: A JSON schema to enforce configuration against
          type: object
          additionalProperties: true
  configTypeList:
    description: An array of config-type resources
    type: array
    items:
      $ref: '#/definitions/configTypeDetail'
  configTypePatch:
    description: A config-type patch object
    type: object
    properties:
      name:
        type: string
        example: ziti-tunneler-server.v1
      schema:
        description: A JSON schema to enforce configuration against
        type: object
        additionalProperties: true
      tags:
        $ref: '#/definitions/tags'
  configTypeUpdate:
    description: A config-type update object
    type: object
    required:
    - name
    properties:
      name:
        type: string
        example: ziti-tunneler-server.v1
      schema:
        description: A JSON schema to enforce configuration against
        type: object
        additionalProperties: true
      tags:
        $ref: '#/definitions/tags'
  configTypes:
    description: Specific configuration types that should be returned
    type: array
    items:
      type: string
  configUpdate:
    description: A config update object
    type: object
    required:
    - name
    - data
    properties:
      data:
        description: Data payload is defined by the schema of the config-type defined
          in the type parameter
        type: object
        additionalProperties: true
        x-nullable: false
      name:
        type: string
        example: default.ziti-tunneler-server.v1
      tags:
        $ref: '#/definitions/tags'
    example:
      data:
        hostname: example.com
        port: 80
      name: example-config-name
  controllerDetail:
    description: A controller resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - certPem
      - fingerprint
      - isOnline
      - lastJoinedAt
      properties:
        apiAddresses:
          $ref: '#/definitions/apiAddressList'
        certPem:
          type: string
        ctrlAddress:
          type: string
          x-nullable: true
        fingerprint:
          type: string
        isOnline:
          type: boolean
        lastJoinedAt:
          type: string
          format: date-time
        name:
          type: string
  controllersList:
    description: An array of controller resources
    type: array
    items:
      $ref: '#/definitions/controllerDetail'
  createEnvelope:
    type: object
    properties:
      data:
        $ref: '#/definitions/createLocation'
      meta:
        $ref: '#/definitions/meta'
  createLocation:
    type: object
    properties:
      _links:
        $ref: '#/definitions/links'
      id:
        type: string
  currentApiSessionDetail:
    description: An API Session object for the current API session
    type: object
    allOf:
    - $ref: '#/definitions/apiSessionDetail'
    - type: object
      required:
      - expiresAt
      - expirationSeconds
      properties:
        expirationSeconds:
          type: integer
        expiresAt:
          type: string
          format: date-time
  currentApiSessionDetailEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/currentApiSessionDetail'
      meta:
        $ref: '#/definitions/meta'
  currentIdentityDetailEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/identityDetail'
      meta:
        $ref: '#/definitions/meta'
  dataIntegrityCheckDetail:
    type: object
    required:
    - description
    - fixed
    properties:
      description:
        type: string
      fixed:
        type: boolean
  dataIntegrityCheckDetailList:
    type: array
    items:
      $ref: '#/definitions/dataIntegrityCheckDetail'
  dataIntegrityCheckDetails:
    type: object
    required:
    - inProgress
    - fixingErrors
    - tooManyErrors
    - startTime
    - endTime
    - error
    - results
    properties:
      endTime:
        type: string
        format: date-time
      error:
        type: string
      fixingErrors:
        type: boolean
      inProgress:
        type: boolean
      results:
        $ref: '#/definitions/dataIntegrityCheckDetailList'
      startTime:
        type: string
        format: date-time
      tooManyErrors:
        type: boolean
  dataIntegrityCheckResultEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/dataIntegrityCheckDetails'
      meta:
        $ref: '#/definitions/meta'
  detailApiSessionEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/apiSessionDetail'
      meta:
        $ref: '#/definitions/meta'
  detailAuthPolicyEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/authPolicyDetail'
      meta:
        $ref: '#/definitions/meta'
  detailAuthenticatorEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/authenticatorDetail'
      meta:
        $ref: '#/definitions/meta'
  detailCaEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/caDetail'
      meta:
        $ref: '#/definitions/meta'
  detailConfigEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/configDetail'
      meta:
        $ref: '#/definitions/meta'
  detailConfigTypeEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/configTypeDetail'
      meta:
        $ref: '#/definitions/meta'
  detailEdgeRouterPolicyEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/edgeRouterPolicyDetail'
      meta:
        $ref: '#/definitions/meta'
  detailEnrollmentEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/enrollmentDetail'
      meta:
        $ref: '#/definitions/meta'
  detailExternalJwtSignerEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/externalJwtSignerDetail'
      meta:
        $ref: '#/definitions/meta'
  detailIdentityEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/identityDetail'
      meta:
        $ref: '#/definitions/meta'
  detailIdentityTypeEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/identityTypeDetail'
      meta:
        $ref: '#/definitions/meta'
  detailMfa:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - required:
      - isVerified
      properties:
        isVerified:
          type: boolean
        provisioningUrl:
          description: Not provided if MFA verification has been completed
          type: string
        recoveryCodes:
          description: Not provided if MFA verification has been completed
          type: array
          items:
            type: string
  detailMfaEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/detailMfa'
      meta:
        $ref: '#/definitions/meta'
  detailMfaRecoveryCodes:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - required:
      - recoveryCodes
      properties:
        recoveryCodes:
          type: array
          items:
            type: string
  detailMfaRecoveryCodesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/detailMfaRecoveryCodes'
      meta:
        $ref: '#/definitions/meta'
  detailPostureCheckEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/postureCheckDetail'
      meta:
        $ref: '#/definitions/meta'
  detailPostureCheckTypeEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/postureCheckTypeDetail'
      meta:
        $ref: '#/definitions/meta'
  detailRouterEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/routerDetail'
      meta:
        $ref: '#/definitions/meta'
  detailServiceEdgePolicyEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/serviceEdgeRouterPolicyDetail'
      meta:
        $ref: '#/definitions/meta'
  detailServiceEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/serviceDetail'
      meta:
        $ref: '#/definitions/meta'
  detailServicePolicyEnvelop:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/servicePolicyDetail'
      meta:
        $ref: '#/definitions/meta'
  detailSessionManagementEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/sessionManagementDetail'
      meta:
        $ref: '#/definitions/meta'
  detailSessionRoutePathEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/sessionRoutePathDetail'
      meta:
        $ref: '#/definitions/meta'
  detailSpecBodyEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/specBodyDetail'
      meta:
        $ref: '#/definitions/meta'
  detailSpecEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/specDetail'
      meta:
        $ref: '#/definitions/meta'
  detailTerminatorEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/terminatorDetail'
      meta:
        $ref: '#/definitions/meta'
  detailedEdgeRouterEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/edgeRouterDetail'
      meta:
        $ref: '#/definitions/meta'
  dialBind:
    type: string
    enum:
    - Dial
    - Bind
    - Invalid
  dialBindArray:
    type: array
    items:
      $ref: '#/definitions/dialBind'
  disableParams:
    type: object
    required:
    - durationMinutes
    properties:
      durationMinutes:
        type: integer
  edgeRouterCreate:
    description: An edge router create object
    type: object
    required:
    - name
    properties:
      appData:
        $ref: '#/definitions/tags'
      cost:
        type: integer
        maximum: 65535
        minimum: 0
        x-nullable: true
      disabled:
        type: boolean
        x-nullable: true
      isTunnelerEnabled:
        type: boolean
      name:
        type: string
      noTraversal:
        type: boolean
        x-nullable: true
      roleAttributes:
        $ref: '#/definitions/attributes'
      tags:
        $ref: '#/definitions/tags'
  edgeRouterDetail:
    description: A detail edge router resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - $ref: '#/definitions/commonEdgeRouterProperties'
    - type: object
      required:
      - isVerified
      - roleAttributes
      - os
      - version
      - arch
      - buildDate
      - revision
      - isTunnelerEnabled
      properties:
        certPem:
          type: string
          x-nullable: true
          x-omitempty: false
        enrollmentCreatedAt:
          type: string
          format: date-time
          x-nullable: true
        enrollmentExpiresAt:
          type: string
          format: date-time
          x-nullable: true
        enrollmentJwt:
          type: string
          x-nullable: true
        enrollmentToken:
          type: string
          x-nullable: true
        fingerprint:
          type: string
        isTunnelerEnabled:
          type: boolean
        isVerified:
          type: boolean
        roleAttributes:
          $ref: '#/definitions/attributes'
        unverifiedCertPem:
          type: string
          x-nullable: true
          x-omitempty: false
        unverifiedFingerprint:
          type: string
          x-nullable: true
          x-omitempty: false
        versionInfo:
          $ref: '#/definitions/versionInfo'
    example:
      _links:
        edge-router-policies:
          href: ./edge-routers/b0766b8d-bd1a-4d28-8415-639b29d3c83d/edge-routers
        self:
          href: ./edge-routers/b0766b8d-bd1a-4d28-8415-639b29d3c83d
      cost: 0
      createdAt: "2020-03-16T17:13:31.5807454Z"
      enrollmentCreatedAt: "2020-03-16T17:13:31.5777637Z"
      enrollmentExpiresAt: "2020-03-16T17:18:31.5777637Z"
      enrollmentJwt: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6ImVyb3R0IiwiZXhwIjoxNTg0Mzc5MTExLCJpc3MiOiJodHRwczovL
        2xvY2FsaG9zdDoxMjgwIiwianRpIjoiMzBhMWYwZWEtZDM5Yi00YWFlLWI4NTItMzA0Y2YxYzMwZDFmIiwic3ViIjoiYjA3NjZiOGQtYmQxYS00ZDI
        4LTg0MTUtNjM5YjI5ZDNjODNkIn0.UsyQhCPORQ5tQnYWY7S88LNvV9iFS5Hy-P4aJaClZzEICobKgnQoyQblJcdMvk3cGKwyFqAnQtt0tDZkb8tHz
        Vqyv6bilHcAFuMRrdwXRqdXquabSN5geu2qBUnyzL7Mf2X85if8sbMida6snB4oLZsVRF3CRn4ODBJdeiVJ_Z4rgD-zW2IwtXPApT7ALyiiw2cN4EH
        8pqQ7tpZKqztE0PGEbBQFPGKUFnm7oXyvSUo17EsFJUv5gUlBzfKKGolh5io4ptp22HZrqsqSnqDSOnYEZHonr5Yljuwiktrlh-JKiK6GGns5OAJMP
        dO9lgM4yHSpF2ILbqhWMV93Y3zMOg
      enrollmentToken: 30a1f0ea-d39b-4aae-b852-304cf1c30d1f
      fingerprint: null
      hostname: ""
      id: b0766b8d-bd1a-4d28-8415-639b29d3c83d
      isOnline: false
      isTunnelerEnabled: false
      isVerified: false
      name: TestRouter-e33c837f-3222-4b40-bcd6-b3458fd5156e
      noTraversal: false
      roleAttributes:
      - eastCoast
      - sales
      - test
      supportedProtocols: {}
      tags: {}
      updatedAt: "2020-03-16T17:13:31.5807454Z"
  edgeRouterList:
    description: A list of edge router resources
    type: array
    items:
      $ref: '#/definitions/edgeRouterDetail'
  edgeRouterPatch:
    description: An edge router patch object
    type: object
    properties:
      appData:
        $ref: '#/definitions/tags'
      cost:
        type: integer
        maximum: 65535
        minimum: 0
        x-nullable: true
      disabled:
        type: boolean
        x-nullable: true
      isTunnelerEnabled:
        type: boolean
      name:
        type: string
        x-nullable: true
      noTraversal:
        type: boolean
        x-nullable: true
      roleAttributes:
        $ref: '#/definitions/attributes'
      tags:
        $ref: '#/definitions/tags'
  edgeRouterPolicyCreate:
    required:
    - name
    - semantic
    properties:
      edgeRouterRoles:
        $ref: '#/definitions/roles'
      identityRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      semantic:
        $ref: '#/definitions/semantic'
      tags:
        $ref: '#/definitions/tags'
  edgeRouterPolicyDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - semantic
      - edgeRouterRoles
      - edgeRouterRolesDisplay
      - identityRoles
      - identityRolesDisplay
      - isSystem
      properties:
        edgeRouterRoles:
          $ref: '#/definitions/roles'
        edgeRouterRolesDisplay:
          $ref: '#/definitions/namedRoles'
        identityRoles:
          $ref: '#/definitions/roles'
        identityRolesDisplay:
          $ref: '#/definitions/namedRoles'
        isSystem:
          type: boolean
        name:
          type: string
        semantic:
          $ref: '#/definitions/semantic'
  edgeRouterPolicyList:
    type: array
    items:
      $ref: '#/definitions/edgeRouterPolicyDetail'
  edgeRouterPolicyPatch:
    properties:
      edgeRouterRoles:
        $ref: '#/definitions/roles'
      identityRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      semantic:
        $ref: '#/definitions/semantic'
      tags:
        $ref: '#/definitions/tags'
  edgeRouterPolicyUpdate:
    required:
    - name
    - semantic
    properties:
      edgeRouterRoles:
        $ref: '#/definitions/roles'
      identityRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      semantic:
        $ref: '#/definitions/semantic'
      tags:
        $ref: '#/definitions/tags'
  edgeRouterUpdate:
    description: An edge router update object
    type: object
    required:
    - name
    properties:
      appData:
        $ref: '#/definitions/tags'
      cost:
        type: integer
        maximum: 65535
        minimum: 0
        x-nullable: true
      disabled:
        type: boolean
        x-nullable: true
      isTunnelerEnabled:
        type: boolean
      name:
        type: string
      noTraversal:
        type: boolean
        x-nullable: true
      roleAttributes:
        $ref: '#/definitions/attributes'
      tags:
        $ref: '#/definitions/tags'
  empty:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        type: object
        example: {}
      meta:
        $ref: '#/definitions/meta'
  enrollmentCreate:
    type: object
    required:
    - method
    - expiresAt
    - identityId
    properties:
      caId:
        type: string
        x-nullable: true
      expiresAt:
        type: string
        format: date-time
      identityId:
        type: string
      method:
        type: string
        enum:
        - ott
        - ottca
        - updb
      username:
        type: string
        x-nullable: true
  enrollmentDetail:
    description: |
      An enrollment object. Enrollments are tied to identities and potentially a CA. Depending on the
      method, different fields are utilized. For example ottca enrollments use the `ca` field and updb enrollments
      use the username field, but not vice versa.
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - token
      - method
      - expiresAt
      - details
      properties:
        caId:
          type: string
          x-nullable: true
        edgeRouter:
          $ref: '#/definitions/entityRef'
        edgeRouterId:
          type: string
        expiresAt:
          type: string
          format: date-time
        identity:
          $ref: '#/definitions/entityRef'
        identityId:
          type: string
        jwt:
          type: string
        method:
          type: string
        token:
          type: string
        transitRouter:
          $ref: '#/definitions/entityRef'
        transitRouterId:
          type: string
        username:
          type: string
    example:
      _links:
        self:
          href: ./enrollments/624fa53f-7629-4a7a-9e38-c1f4ce322c1d
      ca: null
      createdAt: "0001-01-01T00:00:00Z"
      expiresAt: "2020-03-11T20:20:24.0055543Z"
      id: 624fa53f-7629-4a7a-9e38-c1f4ce322c1d
      identity:
        _links:
          self:
            href: ./identities/f047ac96-dc3a-408a-a6f2-0ba487c08ef9
        id: f047ac96-dc3a-408a-a6f2-0ba487c08ef9
        name: updb--0f245140-7f2e-4326-badf-6aba55e52475
        urlName: identities
      method: updb
      tags: null
      token: 1e727c8f-07e4-4a1d-a8b0-da0c7a01c6e1
      updatedAt: "0001-01-01T00:00:00Z"
      username: example-username
  enrollmentList:
    description: An array of enrollment resources
    type: array
    items:
      $ref: '#/definitions/enrollmentDetail'
  enrollmentRefresh:
    type: object
    required:
    - expiresAt
    properties:
      expiresAt:
        type: string
        format: date-time
  entityRef:
    description: A reference to another resource and links to interact with it
    type: object
    properties:
      _links:
        $ref: '#/definitions/links'
      entity:
        type: string
      id:
        type: string
      name:
        type: string
  envInfo:
    description: Environment information an authenticating client may provide
    type: object
    properties:
      arch:
        type: string
        maxLength: 255
      domain:
        type: string
        maxLength: 253
      hostname:
        type: string
        maxLength: 253
      os:
        type: string
        maxLength: 255
      osRelease:
        type: string
        maxLength: 255
      osVersion:
        type: string
        maxLength: 255
  externalIdClaim:
    type: object
    required:
    - location
    - matcher
    - matcherCriteria
    - parser
    - parserCriteria
    - index
    properties:
      index:
        type: integer
        x-nullable: true
      location:
        type: string
        enum:
        - COMMON_NAME
        - SAN_URI
        - SAN_EMAIL
        x-nullable: true
      matcher:
        type: string
        enum:
        - ALL
        - PREFIX
        - SUFFIX
        - SCHEME
        x-nullable: true
      matcherCriteria:
        type: string
        x-nullable: true
      parser:
        type: string
        enum:
        - NONE
        - SPLIT
        x-nullable: true
      parserCriteria:
        type: string
        x-nullable: true
  externalIdClaimPatch:
    type: object
    properties:
      index:
        type: integer
        x-nullable: true
      location:
        type: string
        enum:
        - COMMON_NAME
        - SAN_URI
        - SAN_EMAIL
        x-nullable: true
      matcher:
        type: string
        enum:
        - ALL
        - PREFIX
        - SUFFIX
        - SCHEME
        x-nullable: true
      matcherCriteria:
        type: string
        x-nullable: true
      parser:
        type: string
        enum:
        - NONE
        - SPLIT
        x-nullable: true
      parserCriteria:
        type: string
        x-nullable: true
  externalJwtSignerCreate:
    description: A create Certificate Authority (CA) object
    type: object
    required:
    - name
    - enabled
    - issuer
    - audience
    properties:
      audience:
        type: string
        x-nullable: true
      certPem:
        type: string
        x-nullable: true
      claimsProperty:
        type: string
        x-nullable: true
      clientId:
        type: string
        x-nullable: true
      enabled:
        type: boolean
      externalAuthUrl:
        type: string
        format: url
        x-nullable: true
      issuer:
        type: string
      jwksEndpoint:
        type: string
        format: uri
        x-nullable: true
      kid:
        type: string
        x-nullable: true
      name:
        type: string
        example: MyApps Signer
      scopes:
        type: array
        items:
          type: string
        x-nullable: true
      tags:
        $ref: '#/definitions/tags'
      useExternalId:
        type: boolean
        x-nullable: true
  externalJwtSignerDetail:
    description: A External JWT Signer resource
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - certPem
      - jwksEndpoint
      - enabled
      - fingerprint
      - commonName
      - notAfter
      - notBefore
      - externalAuthUrl
      - claimsProperty
      - useExternalId
      - kid
      - issuer
      - audience
      - clientId
      - scopes
      properties:
        audience:
          type: string
        certPem:
          type: string
          x-nullable: true
        claimsProperty:
          type: string
        clientId:
          type: string
        commonName:
          type: string
        enabled:
          type: boolean
        externalAuthUrl:
          type: string
          format: url
        fingerprint:
          type: string
        issuer:
          type: string
        jwksEndpoint:
          type: string
          format: uri
          x-nullable: true
        kid:
          type: string
        name:
          type: string
          example: MyApps Signer
        notAfter:
          type: string
          format: date-time
        notBefore:
          type: string
          format: date-time
        scopes:
          type: array
          items:
            type: string
        useExternalId:
          type: boolean
  externalJwtSignerList:
    description: An array of External JWT Signers resources
    type: array
    items:
      $ref: '#/definitions/externalJwtSignerDetail'
  externalJwtSignerPatch:
    type: object
    properties:
      audience:
        type: string
        x-nullable: true
      certPem:
        type: string
        x-nullable: true
      claimsProperty:
        type: string
        x-nullable: true
      clientId:
        type: string
        x-nullable: true
      enabled:
        type: boolean
        x-nullable: true
      externalAuthUrl:
        type: string
        format: url
        x-nullable: true
      issuer:
        type: string
        x-nullable: true
      jwksEndpoint:
        type: string
        format: uri
        x-nullable: true
      kid:
        type: string
        x-nullable: true
      name:
        type: string
        x-nullable: true
        example: MyApps Signer
      scopes:
        type: array
        items:
          type: string
      tags:
        $ref: '#/definitions/tags'
      useExternalId:
        type: boolean
        x-nullable: true
  externalJwtSignerUpdate:
    type: object
    required:
    - name
    - enabled
    - issuer
    - audience
    properties:
      audience:
        type: string
        x-nullable: true
      certPem:
        type: string
        x-nullable: true
      claimsProperty:
        type: string
        x-nullable: true
      clientId:
        type: string
        x-nullable: true
      enabled:
        type: boolean
      externalAuthUrl:
        type: string
        format: url
        x-nullable: true
      issuer:
        type: string
      jwksEndpoint:
        type: string
        format: uri
        x-nullable: true
      kid:
        type: string
        x-nullable: true
      name:
        type: string
        example: MyApps Signer
      scopes:
        type: array
        items:
          type: string
        x-nullable: true
      tags:
        $ref: '#/definitions/tags'
      useExternalId:
        type: boolean
        x-nullable: true
  failedServiceRequest:
    type: object
    properties:
      apiSessionId:
        type: string
      policyFailures:
        type: array
        items:
          $ref: '#/definitions/policyFailure'
      serviceId:
        type: string
      serviceName:
        type: string
      sessionType:
        $ref: '#/definitions/dialBind'
      when:
        type: string
        format: date-time
  failedServiceRequestEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/failedServiceRequestList'
      meta:
        $ref: '#/definitions/meta'
  failedServiceRequestList:
    type: array
    items:
      $ref: '#/definitions/failedServiceRequest'
  getIdentityPolicyAdviceEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/policyAdvice'
      meta:
        $ref: '#/definitions/meta'
  identityAuthenticators:
    type: object
    properties:
      cert:
        type: object
        properties:
          fingerprint:
            type: string
          id:
            type: string
      updb:
        type: object
        properties:
          id:
            type: string
          username:
            type: string
  identityCreate:
    description: An identity to create
    type: object
    required:
    - name
    - type
    - isAdmin
    properties:
      appData:
        $ref: '#/definitions/tags'
      authPolicyId:
        type: string
        x-nullable: true
      defaultHostingCost:
        $ref: '#/definitions/terminatorCost'
      defaultHostingPrecedence:
        $ref: '#/definitions/terminatorPrecedence'
      enrollment:
        type: object
        properties:
          ott:
            type: boolean
          ottca:
            type: string
          updb:
            type: string
      externalId:
        type: string
        x-nullable: true
      isAdmin:
        type: boolean
      name:
        type: string
      roleAttributes:
        $ref: '#/definitions/attributes'
      serviceHostingCosts:
        $ref: '#/definitions/terminatorCostMap'
      serviceHostingPrecedences:
        $ref: '#/definitions/terminatorPrecedenceMap'
      tags:
        $ref: '#/definitions/tags'
      type:
        $ref: '#/definitions/identityType'
  identityDetail:
    description: Detail of a specific identity
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - type
      - typeId
      - isDefaultAdmin
      - isAdmin
      - authenticators
      - enrollment
      - envInfo
      - sdkInfo
      - roleAttributes
      - hasEdgeRouterConnection
      - edgeRouterConnectionStatus
      - hasApiSession
      - isMfaEnabled
      - serviceHostingPrecedences
      - serviceHostingCosts
      - defaultHostingCost
      - authPolicyId
      - authPolicy
      - externalId
      - disabled
      properties:
        appData:
          $ref: '#/definitions/tags'
        authPolicy:
          $ref: '#/definitions/entityRef'
        authPolicyId:
          type: string
        authenticators:
          $ref: '#/definitions/identityAuthenticators'
        defaultHostingCost:
          $ref: '#/definitions/terminatorCost'
        defaultHostingPrecedence:
          $ref: '#/definitions/terminatorPrecedence'
        disabled:
          type: boolean
        disabledAt:
          type: string
          format: date-time
          x-nullable: true
        disabledUntil:
          type: string
          format: date-time
          x-nullable: true
        edgeRouterConnectionStatus:
          type: string
          enum:
          - online
          - offline
          - unknown
        enrollment:
          $ref: '#/definitions/identityEnrollments'
        envInfo:
          $ref: '#/definitions/envInfo'
        externalId:
          type: string
          x-nullable: true
        hasApiSession:
          type: boolean
        hasEdgeRouterConnection:
          type: boolean
        isAdmin:
          type: boolean
        isDefaultAdmin:
          type: boolean
        isMfaEnabled:
          type: boolean
        name:
          type: string
        roleAttributes:
          $ref: '#/definitions/attributes'
        sdkInfo:
          $ref: '#/definitions/sdkInfo'
        serviceHostingCosts:
          $ref: '#/definitions/terminatorCostMap'
        serviceHostingPrecedences:
          $ref: '#/definitions/terminatorPrecedenceMap'
        type:
          $ref: '#/definitions/entityRef'
        typeId:
          type: string
  identityEnrollments:
    type: object
    properties:
      ott:
        type: object
        properties:
          expiresAt:
            type: string
            format: date-time
          id:
            type: string
          jwt:
            type: string
          token:
            type: string
      ottca:
        type: object
        properties:
          ca:
            $ref: '#/definitions/entityRef'
          caId:
            type: string
          expiresAt:
            type: string
            format: date-time
          id:
            type: string
          jwt:
            type: string
          token:
            type: string
      updb:
        type: object
        properties:
          expiresAt:
            type: string
            format: date-time
          id:
            type: string
          jwt:
            type: string
          token:
            type: string
  identityExtendCerts:
    type: object
    properties:
      ca:
        description: A PEM encoded set of CA certificates
        type: string
      clientCert:
        description: A PEM encoded client certificate
        type: string
  identityExtendEnrollmentEnvelope:
    type: object
    properties:
      data:
        $ref: '#/definitions/identityExtendCerts'
      meta:
        $ref: '#/definitions/meta'
  identityExtendEnrollmentRequest:
    type: object
    required:
    - clientCertCsr
    properties:
      clientCertCsr:
        type: string
  identityExtendValidateEnrollmentRequest:
    type: object
    required:
    - clientCert
    properties:
      clientCert:
        description: A PEM encoded client certificate previously returned after an
          extension request
        type: string
  identityList:
    description: A list of identities
    type: array
    items:
      $ref: '#/definitions/identityDetail'
  identityPatch:
    type: object
    properties:
      appData:
        $ref: '#/definitions/tags'
      authPolicyId:
        type: string
        x-nullable: true
      defaultHostingCost:
        $ref: '#/definitions/terminatorCost'
      defaultHostingPrecedence:
        $ref: '#/definitions/terminatorPrecedence'
      externalId:
        type: string
        x-nullable: true
      isAdmin:
        type: boolean
        x-nullable: true
      name:
        type: string
        x-nullable: true
      roleAttributes:
        $ref: '#/definitions/attributes'
      serviceHostingCosts:
        $ref: '#/definitions/terminatorCostMap'
      serviceHostingPrecedences:
        $ref: '#/definitions/terminatorPrecedenceMap'
      tags:
        $ref: '#/definitions/tags'
      type:
        $ref: '#/definitions/identityType'
  identityType:
    type: string
    enum:
    - User
    - Device
    - Service
    - Router
    - Default
  identityTypeDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      properties:
        name:
          type: string
  identityTypeList:
    type: array
    items:
      $ref: '#/definitions/identityTypeDetail'
  identityUpdate:
    type: object
    required:
    - type
    - name
    - isAdmin
    properties:
      appData:
        $ref: '#/definitions/tags'
      authPolicyId:
        type: string
        x-nullable: true
      defaultHostingCost:
        $ref: '#/definitions/terminatorCost'
      defaultHostingPrecedence:
        $ref: '#/definitions/terminatorPrecedence'
      externalId:
        type: string
        x-nullable: true
      isAdmin:
        type: boolean
      name:
        type: string
      roleAttributes:
        $ref: '#/definitions/attributes'
      serviceHostingCosts:
        $ref: '#/definitions/terminatorCostMap'
      serviceHostingPrecedences:
        $ref: '#/definitions/terminatorPrecedenceMap'
      tags:
        $ref: '#/definitions/tags'
      type:
        $ref: '#/definitions/identityType'
  link:
    description: A link to another resource
    type: object
    required:
    - href
    properties:
      comment:
        type: string
      href:
        type: string
        format: uri
      method:
        type: string
  links:
    description: A map of named links
    type: object
    additionalProperties:
      $ref: '#/definitions/link'
    x-omitempty: false
  listApiSessionsEnvelope:
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/apiSessionList'
      meta:
        $ref: '#/definitions/meta'
  listAuthPoliciesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/authPolicyList'
      meta:
        $ref: '#/definitions/meta'
  listAuthenticatorsEnvelope:
    type: object
    properties:
      data:
        $ref: '#/definitions/authenticatorList'
      meta:
        $ref: '#/definitions/meta'
  listCasEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/caList'
      meta:
        $ref: '#/definitions/meta'
  listConfigTypesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/configTypeList'
      meta:
        $ref: '#/definitions/meta'
  listConfigsEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/configList'
      meta:
        $ref: '#/definitions/meta'
  listControllersEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/controllersList'
      meta:
        $ref: '#/definitions/meta'
  listEdgeRouterPoliciesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/edgeRouterPolicyList'
      meta:
        $ref: '#/definitions/meta'
  listEdgeRoutersEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/edgeRouterList'
      meta:
        $ref: '#/definitions/meta'
  listEnrollmentsEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/enrollmentList'
      meta:
        $ref: '#/definitions/meta'
  listEnumeratedCapabilitiesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        type: array
        items:
          $ref: '#/definitions/capabilities'
      meta:
        $ref: '#/definitions/meta'
  listExternalJwtSignersEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/externalJwtSignerList'
      meta:
        $ref: '#/definitions/meta'
  listIdentitiesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/identityList'
      meta:
        $ref: '#/definitions/meta'
  listIdentityTypesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/identityTypeList'
      meta:
        $ref: '#/definitions/meta'
  listNetworkJWTsEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/networkJWTList'
      meta:
        $ref: '#/definitions/meta'
  listPostureCheckEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        type: array
        items:
          $ref: '#/definitions/postureCheckDetail'
      meta:
        $ref: '#/definitions/meta'
  listPostureCheckTypesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/postureCheckTypeList'
      meta:
        $ref: '#/definitions/meta'
  listRoleAttributesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/roleAttributesList'
      meta:
        $ref: '#/definitions/meta'
  listRoutersEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/routerList'
      meta:
        $ref: '#/definitions/meta'
  listServiceConfigsEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/serviceConfigList'
      meta:
        $ref: '#/definitions/meta'
  listServiceEdgeRouterPoliciesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/serviceEdgeRouterPolicyList'
      meta:
        $ref: '#/definitions/meta'
  listServicePoliciesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/servicePolicyList'
      meta:
        $ref: '#/definitions/meta'
  listServicesEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/serviceList'
      meta:
        $ref: '#/definitions/meta'
  listSessionsManagementEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/sessionManagementList'
      meta:
        $ref: '#/definitions/meta'
  listSpecsEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/specList'
      meta:
        $ref: '#/definitions/meta'
  listSummaryCounts:
    type: object
    additionalProperties:
      type: integer
  listSummaryCountsEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/listSummaryCounts'
      meta:
        $ref: '#/definitions/meta'
  listTerminatorsEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/terminatorList'
      meta:
        $ref: '#/definitions/meta'
  listVersionEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/version'
      meta:
        $ref: '#/definitions/meta'
  meta:
    type: object
    properties:
      apiEnrollmentVersion:
        type: string
      apiVersion:
        type: string
      filterableFields:
        type: array
        items:
          type: string
        x-omitempty: true
      pagination:
        $ref: '#/definitions/pagination'
  mfaCode:
    type: object
    required:
    - code
    properties:
      code:
        type: string
  mfaFormats:
    type: string
    enum:
    - numeric
    - alpha
    - alphaNumeric
  mfaProviders:
    type: string
    enum:
    - ziti
    - url
  namedRole:
    type: object
    properties:
      name:
        type: string
      role:
        type: string
  namedRoles:
    type: array
    items:
      $ref: '#/definitions/namedRole'
    x-omitempty: false
  networkJWT:
    description: A network JWT
    type: object
    allOf:
    - type: object
      required:
      - name
      - token
      properties:
        name:
          type: string
        token:
          type: string
  networkJWTList:
    description: An array of network JWTs
    type: array
    items:
      $ref: '#/definitions/networkJWT'
  operatingSystem:
    type: object
    required:
    - type
    - versions
    properties:
      type:
        $ref: '#/definitions/osType'
      versions:
        type: array
        items:
          type: string
  osType:
    type: string
    enum:
    - Windows
    - WindowsServer
    - Android
    - iOS
    - Linux
    - macOS
  pagination:
    type: object
    required:
    - limit
    - offset
    - totalCount
    properties:
      limit:
        type: number
        format: int64
      offset:
        type: number
        format: int64
      totalCount:
        type: number
        format: int64
  password:
    type: string
    maxLength: 100
    minLength: 5
  passwordNullable:
    type: string
    maxLength: 100
    minLength: 5
    x-nullable: true
  policyAdvice:
    type: object
    properties:
      commonRouters:
        type: array
        items:
          $ref: '#/definitions/routerEntityRef'
      identity:
        $ref: '#/definitions/entityRef'
      identityId:
        type: string
      identityRouterCount:
        type: number
        format: int32
      isBindAllowed:
        type: boolean
      isDialAllowed:
        type: boolean
      service:
        $ref: '#/definitions/entityRef'
      serviceId:
        type: string
      serviceRouterCount:
        type: number
        format: int32
  policyFailure:
    type: object
    properties:
      checks:
        type: array
        items:
          $ref: '#/definitions/postureCheckFailure'
      policyId:
        type: string
      policyName:
        type: string
  postureCheckCreate:
    type: object
    required:
    - name
    - typeId
    properties:
      name:
        type: string
      roleAttributes:
        $ref: '#/definitions/attributes'
      tags:
        $ref: '#/definitions/tags'
      typeId:
        $ref: '#/definitions/postureCheckType'
    discriminator: typeId
  postureCheckDetail:
    type: object
    required:
    - name
    - typeId
    - version
    - roleAttributes
    - id
    - createdAt
    - updatedAt
    - _links
    - tags
    properties:
      _links:
        $ref: '#/definitions/links'
      createdAt:
        type: string
        format: date-time
      id:
        type: string
      name:
        type: string
      roleAttributes:
        $ref: '#/definitions/attributes'
      tags:
        $ref: '#/definitions/tags'
      typeId:
        type: string
      updatedAt:
        type: string
        format: date-time
      version:
        type: integer
    discriminator: typeId
  postureCheckDomainCreate:
    allOf:
    - $ref: '#/definitions/postureCheckCreate'
    - type: object
      required:
      - domains
      properties:
        domains:
          type: array
          minItems: 1
          items:
            type: string
    x-class: DOMAIN
  postureCheckDomainDetail:
    allOf:
    - $ref: '#/definitions/postureCheckDetail'
    - type: object
      required:
      - domains
      properties:
        domains:
          type: array
          minItems: 1
          items:
            type: string
    x-class: DOMAIN
  postureCheckDomainPatch:
    allOf:
    - $ref: '#/definitions/postureCheckPatch'
    - type: object
      properties:
        domains:
          type: array
          minItems: 1
          items:
            type: string
    x-class: DOMAIN
  postureCheckDomainUpdate:
    allOf:
    - $ref: '#/definitions/postureCheckUpdate'
    - type: object
      required:
      - domains
      properties:
        domains:
          type: array
          minItems: 1
          items:
            type: string
    x-class: DOMAIN
  postureCheckFailure:
    type: object
    required:
    - postureCheckId
    - postureCheckName
    - postureCheckType
    properties:
      postureCheckId:
        type: string
      postureCheckName:
        type: string
      postureCheckType:
        type: string
    discriminator: postureCheckType
  postureCheckFailureDomain:
    allOf:
    - $ref: '#/definitions/postureCheckFailure'
    - type: object
      required:
      - actualValue
      - expectedValue
      properties:
        actualValue:
          type: string
        expectedValue:
          type: array
          items:
            type: string
    x-class: DOMAIN
  postureCheckFailureMacAddress:
    allOf:
    - $ref: '#/definitions/postureCheckFailure'
    - type: object
      required:
      - actualValue
      - expectedValue
      properties:
        actualValue:
          type: array
          items:
            type: string
        expectedValue:
          type: array
          items:
            type: string
    x-class: MAC
  postureCheckFailureMfa:
    allOf:
    - $ref: '#/definitions/postureCheckFailure'
    - type: object
      required:
      - actualValue
      - expectedValue
      - criteria
      properties:
        actualValue:
          $ref: '#/definitions/postureChecksFailureMfaValues'
        criteria:
          $ref: '#/definitions/postureChecksFailureMfaCriteria'
        expectedValue:
          $ref: '#/definitions/postureChecksFailureMfaValues'
    x-class: MFA
  postureCheckFailureOperatingSystem:
    allOf:
    - $ref: '#/definitions/postureCheckFailure'
    - type: object
      required:
      - actualValue
      - expectedValue
      properties:
        actualValue:
          $ref: '#/definitions/postureCheckFailureOperatingSystemActual'
        expectedValue:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/operatingSystem'
    x-class: OS
  postureCheckFailureOperatingSystemActual:
    type: object
    required:
    - type
    - version
    properties:
      type:
        type: string
      version:
        type: string
  postureCheckFailureProcess:
    allOf:
    - $ref: '#/definitions/postureCheckFailure'
    - type: object
      required:
      - actualValue
      - expectedValue
      properties:
        actualValue:
          $ref: '#/definitions/postureCheckFailureProcessActual'
        expectedValue:
          $ref: '#/definitions/process'
    x-class: PROCESS
  postureCheckFailureProcessActual:
    type: object
    required:
    - isRunning
    - hash
    - signerFingerprints
    properties:
      hash:
        type: string
      isRunning:
        type: boolean
      osType:
        $ref: '#/definitions/osType'
      path:
        type: string
      signerFingerprints:
        type: array
        items:
          type: string
  postureCheckFailureProcessMulti:
    allOf:
    - $ref: '#/definitions/postureCheckFailure'
    - type: object
      required:
      - actualValue
      - expectedValue
      - semantic
      properties:
        actualValue:
          type: array
          items:
            $ref: '#/definitions/postureCheckFailureProcessActual'
        expectedValue:
          type: array
          items:
            $ref: '#/definitions/processMulti'
        semantic:
          $ref: '#/definitions/semantic'
    x-class: PROCESS_MULTI
  postureCheckMacAddressCreate:
    allOf:
    - $ref: '#/definitions/postureCheckCreate'
    - type: object
      required:
      - macAddresses
      properties:
        macAddresses:
          type: array
          minItems: 1
          items:
            type: string
    x-class: MAC
  postureCheckMacAddressDetail:
    allOf:
    - $ref: '#/definitions/postureCheckDetail'
    - type: object
      required:
      - macAddresses
      properties:
        macAddresses:
          type: array
          minItems: 1
          items:
            type: string
    x-class: MAC
  postureCheckMacAddressPatch:
    allOf:
    - $ref: '#/definitions/postureCheckPatch'
    - type: object
      properties:
        macAddresses:
          type: array
          minItems: 1
          items:
            type: string
    x-class: MAC
  postureCheckMacAddressUpdate:
    allOf:
    - $ref: '#/definitions/postureCheckUpdate'
    - type: object
      required:
      - macAddresses
      properties:
        macAddresses:
          type: array
          minItems: 1
          items:
            type: string
    x-class: MAC
  postureCheckMfaCreate:
    allOf:
    - $ref: '#/definitions/postureCheckCreate'
    - $ref: '#/definitions/postureCheckMfaProperties'
    x-class: MFA
  postureCheckMfaDetail:
    allOf:
    - $ref: '#/definitions/postureCheckDetail'
    - $ref: '#/definitions/postureCheckMfaProperties'
    x-class: MFA
  postureCheckMfaPatch:
    allOf:
    - $ref: '#/definitions/postureCheckPatch'
    - $ref: '#/definitions/postureCheckMfaPropertiesPatch'
    x-class: MFA
  postureCheckMfaProperties:
    type: object
    properties:
      ignoreLegacyEndpoints:
        type: boolean
      promptOnUnlock:
        type: boolean
      promptOnWake:
        type: boolean
      timeoutSeconds:
        type: integer
  postureCheckMfaPropertiesPatch:
    type: object
    properties:
      ignoreLegacyEndpoints:
        type: boolean
        x-nullable: true
      promptOnUnlock:
        type: boolean
        x-nullable: true
      promptOnWake:
        type: boolean
        x-nullable: true
      timeoutSeconds:
        type: integer
        x-nullable: true
  postureCheckMfaUpdate:
    allOf:
    - $ref: '#/definitions/postureCheckUpdate'
    - $ref: '#/definitions/postureCheckMfaProperties'
    x-class: MFA
  postureCheckOperatingSystemCreate:
    allOf:
    - $ref: '#/definitions/postureCheckCreate'
    - type: object
      required:
      - operatingSystems
      properties:
        operatingSystems:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/operatingSystem'
    x-class: OS
  postureCheckOperatingSystemDetail:
    allOf:
    - $ref: '#/definitions/postureCheckDetail'
    - type: object
      required:
      - operatingSystems
      properties:
        operatingSystems:
          type: array
          items:
            $ref: '#/definitions/operatingSystem'
    x-class: OS
  postureCheckOperatingSystemPatch:
    allOf:
    - $ref: '#/definitions/postureCheckPatch'
    - type: object
      properties:
        operatingSystems:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/operatingSystem'
    x-class: OS
  postureCheckOperatingSystemUpdate:
    allOf:
    - $ref: '#/definitions/postureCheckUpdate'
    - type: object
      required:
      - operatingSystems
      properties:
        operatingSystems:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/operatingSystem'
    x-class: OS
  postureCheckPatch:
    type: object
    required:
    - typeId
    properties:
      name:
        type: string
      roleAttributes:
        $ref: '#/definitions/attributes'
      tags:
        $ref: '#/definitions/tags'
      typeId:
        $ref: '#/definitions/postureCheckType'
    discriminator: typeId
  postureCheckProcessCreate:
    allOf:
    - $ref: '#/definitions/postureCheckCreate'
    - type: object
      required:
      - process
      properties:
        process:
          $ref: '#/definitions/process'
    x-class: PROCESS
  postureCheckProcessDetail:
    allOf:
    - $ref: '#/definitions/postureCheckDetail'
    - type: object
      required:
      - process
      properties:
        process:
          $ref: '#/definitions/process'
    x-class: PROCESS
  postureCheckProcessMultiCreate:
    allOf:
    - $ref: '#/definitions/postureCheckCreate'
    - type: object
      required:
      - semantic
      - processes
      properties:
        processes:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/processMulti'
        semantic:
          $ref: '#/definitions/semantic'
    x-class: PROCESS_MULTI
  postureCheckProcessMultiDetail:
    allOf:
    - $ref: '#/definitions/postureCheckDetail'
    - type: object
      required:
      - semantic
      - processes
      properties:
        processes:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/processMulti'
        semantic:
          $ref: '#/definitions/semantic'
    x-class: PROCESS_MULTI
  postureCheckProcessMultiPatch:
    allOf:
    - $ref: '#/definitions/postureCheckPatch'
    - type: object
      properties:
        processes:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/processMulti'
        semantic:
          $ref: '#/definitions/semantic'
    x-class: PROCESS_MULTI
  postureCheckProcessMultiUpdate:
    allOf:
    - $ref: '#/definitions/postureCheckUpdate'
    - type: object
      required:
      - semantic
      - processes
      properties:
        processes:
          type: array
          minItems: 1
          items:
            $ref: '#/definitions/processMulti'
        semantic:
          $ref: '#/definitions/semantic'
    x-class: PROCESS_MULTI
  postureCheckProcessPatch:
    allOf:
    - $ref: '#/definitions/postureCheckPatch'
    - type: object
      properties:
        process:
          $ref: '#/definitions/process'
    x-class: PROCESS
  postureCheckProcessUpdate:
    allOf:
    - $ref: '#/definitions/postureCheckUpdate'
    - type: object
      required:
      - process
      properties:
        process:
          $ref: '#/definitions/process'
    x-class: PROCESS
  postureCheckType:
    type: string
    enum:
    - OS
    - PROCESS
    - DOMAIN
    - MAC
    - MFA
    - PROCESS_MULTI
  postureCheckTypeDetail:
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - operatingSystems
      - version
      properties:
        name:
          type: string
        operatingSystems:
          type: array
          items:
            $ref: '#/definitions/operatingSystem'
        version:
          type: string
  postureCheckTypeList:
    type: array
    items:
      $ref: '#/definitions/postureCheckTypeDetail'
  postureCheckUpdate:
    type: object
    required:
    - name
    properties:
      name:
        type: string
      roleAttributes:
        $ref: '#/definitions/attributes'
      tags:
        $ref: '#/definitions/tags'
      typeId:
        $ref: '#/definitions/postureCheckType'
    discriminator: typeId
  postureChecksFailureMfaCriteria:
    type: object
    required:
    - passedMfaAt
    - wokenAt
    - unlockedAt
    - timeoutSeconds
    - timeoutRemainingSeconds
    properties:
      passedMfaAt:
        type: string
        format: date-time
      timeoutRemainingSeconds:
        type: integer
      timeoutSeconds:
        type: integer
      unlockedAt:
        type: string
        format: date-time
      wokenAt:
        type: string
        format: date-time
  postureChecksFailureMfaValues:
    type: object
    properties:
      passedMfa:
        type: boolean
        x-omitempty: false
      passedOnUnlock:
        type: boolean
        x-omitempty: false
      passedOnWake:
        type: boolean
        x-omitempty: false
      timedOut:
        type: boolean
        x-omitempty: false
  postureData:
    type: object
    required:
    - mac
    - domain
    - os
    - processes
    - apiSessionPostureData
    properties:
      apiSessionPostureData:
        type: object
        additionalProperties:
          $ref: '#/definitions/apiSessionPostureData'
      domain:
        $ref: '#/definitions/postureDataDomain'
      mac:
        $ref: '#/definitions/postureDataMac'
      os:
        $ref: '#/definitions/postureDataOs'
      processes:
        type: array
        items:
          $ref: '#/definitions/postureDataProcess'
  postureDataBase:
    type: object
    required:
    - postureCheckId
    - timedOut
    - lastUpdatedAt
    properties:
      lastUpdatedAt:
        type: string
        format: date-time
      postureCheckId:
        type: string
      timedOut:
        type: boolean
  postureDataDomain:
    type: object
    allOf:
    - $ref: '#/definitions/postureDataBase'
    - type: object
      required:
      - domain
      properties:
        domain:
          type: string
  postureDataEndpointState:
    type: object
    required:
    - wokenAt
    - unlockedAt
    properties:
      unlockedAt:
        type: string
        format: date-time
      wokenAt:
        type: string
        format: date-time
  postureDataEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/postureData'
      meta:
        $ref: '#/definitions/meta'
  postureDataMac:
    type: object
    allOf:
    - $ref: '#/definitions/postureDataBase'
    - type: object
      required:
      - addresses
      properties:
        addresses:
          type: array
          items:
            type: string
  postureDataMfa:
    type: object
    required:
    - apiSessionId
    - passedMfa
    - passedOnWake
    - passedOnUnlock
    - passedAt
    properties:
      apiSessionId:
        type: string
      passedAt:
        type: string
        format: date-time
        x-omitempty: false
      passedMfa:
        type: boolean
        x-omitempty: false
      passedOnUnlock:
        type: boolean
        x-omitempty: false
      passedOnWake:
        type: boolean
        x-omitempty: false
  postureDataOs:
    type: object
    allOf:
    - $ref: '#/definitions/postureDataBase'
    - type: object
      required:
      - type
      - version
      - build
      properties:
        build:
          type: string
        type:
          type: string
        version:
          type: string
  postureDataProcess:
    type: object
    allOf:
    - $ref: '#/definitions/postureDataBase'
    - type: object
      properties:
        binaryHash:
          type: string
        isRunning:
          type: boolean
        signerFingerprints:
          type: array
          items:
            type: string
  postureQueries:
    type: object
    required:
    - policyId
    - isPassing
    - postureQueries
    properties:
      isPassing:
        type: boolean
      policyId:
        type: string
      policyType:
        $ref: '#/definitions/dialBind'
      postureQueries:
        type: array
        items:
          $ref: '#/definitions/postureQuery'
  postureQuery:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - queryType
      - isPassing
      - timeout
      - timeoutRemaining
      properties:
        isPassing:
          type: boolean
        process:
          $ref: '#/definitions/postureQueryProcess'
        processes:
          type: array
          items:
            $ref: '#/definitions/postureQueryProcess'
        queryType:
          $ref: '#/definitions/postureCheckType'
        timeout:
          type: integer
        timeoutRemaining:
          type: integer
  postureQueryProcess:
    type: object
    properties:
      osType:
        $ref: '#/definitions/osType'
      path:
        type: string
  process:
    type: object
    required:
    - osType
    - path
    properties:
      hashes:
        type: array
        items:
          type: string
      osType:
        $ref: '#/definitions/osType'
      path:
        type: string
      signerFingerprint:
        type: string
  processMulti:
    type: object
    required:
    - osType
    - path
    properties:
      hashes:
        type: array
        items:
          type: string
      osType:
        $ref: '#/definitions/osType'
      path:
        type: string
      signerFingerprints:
        type: array
        items:
          type: string
  reEnroll:
    type: object
    required:
    - expiresAt
    properties:
      expiresAt:
        type: string
        format: date-time
  roleAttributesList:
    description: An array of role attributes
    type: array
    items:
      type: string
  roles:
    type: array
    items:
      type: string
    x-omitempty: false
  routerCreate:
    type: object
    required:
    - name
    properties:
      cost:
        type: integer
        maximum: 65535
        minimum: 0
        x-nullable: true
      disabled:
        type: boolean
        x-nullable: true
      name:
        type: string
      noTraversal:
        type: boolean
        x-nullable: true
      tags:
        $ref: '#/definitions/tags'
  routerDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - isVerified
      - isOnline
      - fingerprint
      - cost
      - noTraversal
      - disabled
      properties:
        cost:
          type: integer
          maximum: 65535
          minimum: 0
        disabled:
          type: boolean
        enrollmentCreatedAt:
          type: string
          format: date-time
          x-nullable: true
        enrollmentExpiresAt:
          type: string
          format: date-time
          x-nullable: true
        enrollmentJwt:
          type: string
          x-nullable: true
        enrollmentToken:
          type: string
          x-nullable: true
        fingerprint:
          type: string
        isOnline:
          type: boolean
        isVerified:
          type: boolean
        name:
          type: string
        noTraversal:
          type: boolean
        unverifiedCertPem:
          type: string
          x-nullable: true
          x-omitempty: false
        unverifiedFingerprint:
          type: string
          x-nullable: true
          x-omitempty: false
  routerEntityRef:
    type: object
    allOf:
    - $ref: '#/definitions/entityRef'
    - type: object
      required:
      - isOnline
      properties:
        isOnline:
          type: boolean
  routerList:
    type: array
    items:
      $ref: '#/definitions/routerDetail'
  routerPatch:
    type: object
    properties:
      cost:
        type: integer
        maximum: 65535
        minimum: 0
        x-nullable: true
      disabled:
        type: boolean
        x-nullable: true
      name:
        type: string
      noTraversal:
        type: boolean
        x-nullable: true
      tags:
        $ref: '#/definitions/tags'
  routerUpdate:
    type: object
    required:
    - name
    properties:
      cost:
        type: integer
        maximum: 65535
        minimum: 0
        x-nullable: true
      disabled:
        type: boolean
        x-nullable: true
      name:
        type: string
      noTraversal:
        type: boolean
        x-nullable: true
      tags:
        $ref: '#/definitions/tags'
  sdkInfo:
    description: SDK information an authenticating client may provide
    type: object
    properties:
      appId:
        type: string
        maxLength: 255
      appVersion:
        type: string
        maxLength: 255
      branch:
        type: string
        maxLength: 255
      revision:
        type: string
        maxLength: 255
      type:
        type: string
        maxLength: 255
      version:
        type: string
        maxLength: 255
  semantic:
    type: string
    enum:
    - AllOf
    - AnyOf
  serviceConfigAssign:
    type: object
    required:
    - serviceId
    - configId
    properties:
      configId:
        type: string
      serviceId:
        type: string
  serviceConfigDetail:
    type: object
    required:
    - serviceId
    - service
    - configId
    - config
    properties:
      config:
        $ref: '#/definitions/entityRef'
      configId:
        type: string
      service:
        $ref: '#/definitions/entityRef'
      serviceId:
        type: string
    example:
      config:
        _links:
          self:
            href: ./identities/13347602-ba34-4ff7-8082-e533ba945744
        id: 13347602-ba34-4ff7-8082-e533ba945744
        name: test-config-02fade09-fcc3-426c-854e-18539726bdc6
        urlName: configs
      service:
        _links:
          self:
            href: ./services/913a8c63-17a6-44d7-82b3-9f6eb997cf8e
        id: 913a8c63-17a6-44d7-82b3-9f6eb997cf8e
        name: netcat4545-egress-r2
        urlName: services
  serviceConfigList:
    type: array
    items:
      $ref: '#/definitions/serviceConfigDetail'
  serviceConfigsAssignList:
    type: array
    items:
      $ref: '#/definitions/serviceConfigAssign'
  serviceCreate:
    type: object
    required:
    - name
    - encryptionRequired
    properties:
      configs:
        type: array
        items:
          type: string
      encryptionRequired:
        description: Describes whether connections must support end-to-end encryption
          on both sides of the connection.
        type: boolean
      maxIdleTimeMillis:
        type: integer
      name:
        type: string
      roleAttributes:
        type: array
        items:
          type: string
      tags:
        $ref: '#/definitions/tags'
      terminatorStrategy:
        type: string
  serviceDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - maxIdleTimeMillis
      - terminatorStrategy
      - roleAttributes
      - permissions
      - configs
      - config
      - encryptionRequired
      - postureQueries
      properties:
        config:
          description: map of config data for this service keyed by the config type
            name. Only configs of the types requested will be returned.
          type: object
          additionalProperties:
            type: object
            additionalProperties:
              type: object
        configs:
          type: array
          items:
            type: string
        encryptionRequired:
          description: Describes whether connections must support end-to-end encryption
            on both sides of the connection. Read-only property, set at create.
          type: boolean
        maxIdleTimeMillis:
          type: integer
        name:
          type: string
        permissions:
          $ref: '#/definitions/dialBindArray'
        postureQueries:
          type: array
          items:
            $ref: '#/definitions/postureQueries'
        roleAttributes:
          $ref: '#/definitions/attributes'
        terminatorStrategy:
          type: string
  serviceEdgeRouterPolicyCreate:
    type: object
    required:
    - name
    - semantic
    properties:
      edgeRouterRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      semantic:
        $ref: '#/definitions/semantic'
      serviceRoles:
        $ref: '#/definitions/roles'
      tags:
        $ref: '#/definitions/tags'
  serviceEdgeRouterPolicyDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - semantic
      - edgeRouterRoles
      - edgeRouterRolesDisplay
      - serviceRoles
      - serviceRolesDisplay
      properties:
        edgeRouterRoles:
          $ref: '#/definitions/roles'
        edgeRouterRolesDisplay:
          $ref: '#/definitions/namedRoles'
        name:
          type: string
        semantic:
          $ref: '#/definitions/semantic'
        serviceRoles:
          $ref: '#/definitions/roles'
        serviceRolesDisplay:
          $ref: '#/definitions/namedRoles'
  serviceEdgeRouterPolicyList:
    type: array
    items:
      $ref: '#/definitions/serviceEdgeRouterPolicyDetail'
  serviceEdgeRouterPolicyPatch:
    type: object
    properties:
      edgeRouterRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      semantic:
        $ref: '#/definitions/semantic'
      serviceRoles:
        $ref: '#/definitions/roles'
      tags:
        $ref: '#/definitions/tags'
  serviceEdgeRouterPolicyUpdate:
    type: object
    required:
    - name
    - semantic
    properties:
      edgeRouterRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      semantic:
        $ref: '#/definitions/semantic'
      serviceRoles:
        $ref: '#/definitions/roles'
      tags:
        $ref: '#/definitions/tags'
  serviceList:
    type: array
    items:
      $ref: '#/definitions/serviceDetail'
  servicePatch:
    type: object
    properties:
      configs:
        type: array
        items:
          type: string
      encryptionRequired:
        description: Describes whether connections must support end-to-end encryption
          on both sides of the connection. Read-only property, set at create.
        type: boolean
      maxIdleTimeMillis:
        type: integer
      name:
        type: string
      roleAttributes:
        type: array
        items:
          type: string
      tags:
        $ref: '#/definitions/tags'
      terminatorStrategy:
        type: string
  servicePolicyCreate:
    type: object
    required:
    - name
    - type
    - semantic
    properties:
      identityRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      postureCheckRoles:
        $ref: '#/definitions/roles'
      semantic:
        $ref: '#/definitions/semantic'
      serviceRoles:
        $ref: '#/definitions/roles'
      tags:
        $ref: '#/definitions/tags'
      type:
        $ref: '#/definitions/dialBind'
  servicePolicyDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      - type
      - semantic
      - serviceRoles
      - serviceRolesDisplay
      - identityRoles
      - identityRolesDisplay
      - postureCheckRoles
      - postureCheckRolesDisplay
      properties:
        identityRoles:
          $ref: '#/definitions/roles'
        identityRolesDisplay:
          $ref: '#/definitions/namedRoles'
        name:
          type: string
        postureCheckRoles:
          $ref: '#/definitions/roles'
        postureCheckRolesDisplay:
          $ref: '#/definitions/namedRoles'
        semantic:
          $ref: '#/definitions/semantic'
        serviceRoles:
          $ref: '#/definitions/roles'
        serviceRolesDisplay:
          $ref: '#/definitions/namedRoles'
        type:
          $ref: '#/definitions/dialBind'
  servicePolicyList:
    type: array
    items:
      $ref: '#/definitions/servicePolicyDetail'
  servicePolicyPatch:
    type: object
    properties:
      identityRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      postureCheckRoles:
        $ref: '#/definitions/roles'
      semantic:
        $ref: '#/definitions/semantic'
      serviceRoles:
        $ref: '#/definitions/roles'
      tags:
        $ref: '#/definitions/tags'
      type:
        $ref: '#/definitions/dialBind'
  servicePolicyUpdate:
    type: object
    required:
    - name
    - type
    - semantic
    properties:
      identityRoles:
        $ref: '#/definitions/roles'
      name:
        type: string
      postureCheckRoles:
        $ref: '#/definitions/roles'
      semantic:
        $ref: '#/definitions/semantic'
      serviceRoles:
        $ref: '#/definitions/roles'
      tags:
        $ref: '#/definitions/tags'
      type:
        $ref: '#/definitions/dialBind'
  serviceUpdate:
    type: object
    required:
    - name
    properties:
      configs:
        type: array
        items:
          type: string
      encryptionRequired:
        description: Describes whether connections must support end-to-end encryption
          on both sides of the connection. Read-only property, set at create.
        type: boolean
      maxIdleTimeMillis:
        type: integer
      name:
        type: string
      roleAttributes:
        type: array
        items:
          type: string
      tags:
        $ref: '#/definitions/tags'
      terminatorStrategy:
        type: string
  sessionDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - type
      - apiSessionId
      - apiSession
      - serviceId
      - service
      - token
      - edgeRouters
      - identityId
      properties:
        apiSession:
          $ref: '#/definitions/entityRef'
        apiSessionId:
          type: string
        edgeRouters:
          type: array
          items:
            $ref: '#/definitions/sessionEdgeRouter'
        identityId:
          type: string
        service:
          $ref: '#/definitions/entityRef'
        serviceId:
          type: string
        token:
          type: string
        type:
          $ref: '#/definitions/dialBind'
  sessionEdgeRouter:
    allOf:
    - $ref: '#/definitions/commonEdgeRouterProperties'
    - type: object
      required:
      - urls
      properties:
        urls:
          type: object
          additionalProperties:
            type: string
  sessionManagementDetail:
    allOf:
    - $ref: '#/definitions/sessionDetail'
    - type: object
      properties:
        servicePolicies:
          type: array
          items:
            $ref: '#/definitions/entityRef'
  sessionManagementList:
    type: array
    items:
      $ref: '#/definitions/sessionManagementDetail'
  sessionRoutePathDetail:
    type: object
    properties:
      routePath:
        type: array
        items:
          type: string
  specBodyDetail:
    type: string
  specDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - name
      properties:
        name:
          type: string
  specList:
    type: array
    items:
      $ref: '#/definitions/specDetail'
  subTags:
    type: object
    additionalProperties:
      type: object
  tags:
    description: 'A map of user defined fields and values. The values are limited
      to the following types/values: null, string, boolean'
    allOf:
    - $ref: '#/definitions/subTags'
    x-nullable: true
  terminatorCost:
    type: integer
    maximum: 65535
    minimum: 0
  terminatorCostMap:
    type: object
    additionalProperties:
      $ref: '#/definitions/terminatorCost'
  terminatorCreate:
    type: object
    required:
    - service
    - router
    - address
    - binding
    properties:
      address:
        type: string
      binding:
        type: string
      cost:
        $ref: '#/definitions/terminatorCost'
      identity:
        type: string
      identitySecret:
        type: string
        format: byte
      precedence:
        $ref: '#/definitions/terminatorPrecedence'
      router:
        type: string
      service:
        type: string
      tags:
        $ref: '#/definitions/tags'
  terminatorDetail:
    type: object
    allOf:
    - $ref: '#/definitions/baseEntity'
    - type: object
      required:
      - serviceId
      - service
      - routerId
      - router
      - binding
      - address
      - identity
      - cost
      - precedence
      - dynamicCost
      properties:
        address:
          type: string
        binding:
          type: string
        cost:
          $ref: '#/definitions/terminatorCost'
        dynamicCost:
          $ref: '#/definitions/terminatorCost'
        identity:
          type: string
        precedence:
          $ref: '#/definitions/terminatorPrecedence'
        router:
          $ref: '#/definitions/entityRef'
        routerId:
          type: string
        service:
          $ref: '#/definitions/entityRef'
        serviceId:
          type: string
  terminatorList:
    type: array
    items:
      $ref: '#/definitions/terminatorDetail'
  terminatorPatch:
    type: object
    properties:
      address:
        type: string
      binding:
        type: string
      cost:
        $ref: '#/definitions/terminatorCost'
      precedence:
        $ref: '#/definitions/terminatorPrecedence'
      router:
        type: string
      service:
        type: string
      tags:
        $ref: '#/definitions/tags'
  terminatorPrecedence:
    type: string
    enum:
    - default
    - required
    - failed
  terminatorPrecedenceMap:
    type: object
    additionalProperties:
      $ref: '#/definitions/terminatorPrecedence'
  terminatorUpdate:
    type: object
    required:
    - service
    - router
    - address
    - binding
    properties:
      address:
        type: string
      binding:
        type: string
      cost:
        $ref: '#/definitions/terminatorCost'
      precedence:
        $ref: '#/definitions/terminatorPrecedence'
      router:
        type: string
      service:
        type: string
      tags:
        $ref: '#/definitions/tags'
  traceDetail:
    type: object
    properties:
      enabled:
        type: boolean
      traceId:
        type: string
      until:
        type: string
        format: date-time
  traceDetailEnvelope:
    type: object
    required:
    - meta
    - data
    properties:
      data:
        $ref: '#/definitions/traceDetail'
      meta:
        $ref: '#/definitions/meta'
  traceSpec:
    type: object
    properties:
      channels:
        type: array
        items:
          type: string
      duration:
        type: string
      enabled:
        type: boolean
      traceId:
        type: string
  username:
    type: string
    maxLength: 100
    minLength: 4
  usernameNullable:
    type: string
    maxLength: 100
    minLength: 4
    x-nullable: true
  version:
    type: object
    properties:
      apiVersions:
        type: object
        additionalProperties:
          type: object
          additionalProperties:
            $ref: '#/definitions/apiVersion'
      buildDate:
        type: string
        example: "2020-02-11 16:09:08"
      capabilities:
        type: array
        items:
          type: string
      revision:
        type: string
        example: ea556fc18740
      runtimeVersion:
        type: string
        example: go1.13.5
      version:
        type: string
        example: v0.9.0
  versionInfo:
    type: object
    required:
    - os
    - version
    - arch
    - buildDate
    - revision
    properties:
      arch:
        type: string
      buildDate:
        type: string
      os:
        type: string
      revision:
        type: string
      version:
        type: string
securityDefinitions:
  oauth2:
    type: oauth2
    flow: accessCode
    authorizationUrl: /oidc/authorize
    tokenUrl: /oidc/token
    scopes:
      openid: openid
  ztSession:
    description: An API Key that is provided post authentication
    type: apiKey
    name: zt-session
    in: header