ZCSPM
Onboard Cloud Account API
The Cloud Account API allows you to automate cloud account onboarding via our REST API. The following cloud providers are supported:
- Amazon Web Services (AWS) Onboarding
Prerequisites
As a prerequisite for AWS cloud account onboarding, you must complete steps 1 through 3 in the AWS Accounts Onboarding Guide.
POST https://<CLOUDNEETI API DOMAIN>/onboarding/license/<LICENSE ID>/account/awsEnvironment Values for ZCSPM API Domain PROD api.cloudneeti.com TRIAL trialapi.cloudneeti.com URI Parameters
Parameter Description Required/Optional license ZCSPM License Id Required Authorization
Type Description Required/Optional Bearer Token License Token Required Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key generated Request Body
To learn more about prerequisites for AWS cloud accounts, see the AWS Accounts Onboarding Guide.
{ "AccountName": "<ACCOUNT NAME>", "AWSAccountId": "<AWS ACCOUNT ID>", "AWSRoleName": "<AWS ROLE NAME>" }Response
Name Type Description accountId String ZCSPM AWS cloud account id onboarded jobId String ZCSPM AWS cloud account scan job id statusCode Integer ZCSPM API status code message String Response describing operation result as success or failed Sample Response
{ "result": { "accountId": "8457c2cd-b615-4c6e-8640-3b8491c89bfb", "jobId": "2e9035d8-db07-4404-a09c-93f5344a8d9d" }, "statusCode": 200, "message": "Request Successful" }Close - Microsoft Azure Onboarding
Prerequisistes
As a prerequisite for Azure cloud account onboarding, you must complete steps 1 through 8 in the Azure Subscription Onboarding Guide.
POST https://<CLOUDNEETI API DOMAIN>/onboarding/license/<LICENSE ID>/account/azureEnvironment Values for ZCSPM API Domain PROD api.cloudneeti.com TRIAL trialapi.cloudneeti.com URI Parameters
Parameter Description Required/Optional license ZCSPM License Id Required Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key generated Request Body
To learn more about prerequisites for Azure cloud accounts, see the Azure Subscription Onboarding Guide.
{ "AccountName": "<ACCOUNT NAME>", "DomainName": "<ACTIVE DIRECTORY DOMAIN NAME>", "TenantId": "<ACTIVE DIRECTORY ID>", "ADApplicationClientId": "<AD APPLICATION CLIENT ID>", "ADApplicationClientSecret": "<AD APPLICATION CLIENT SECRET>", "SubscriptionId":"<AZURE SUBSCRIPTION ID>" }Response
Name Type Description accountId String ZCSPM Azure cloud account id onboarded jobId String ZCSPM Azure cloud account scan job id statusCode Integer ZCSPM API status code message String Response describing operation result as success or failed Sample Response
{ "result": { "accountId": "5fc68c34-1225-413d-879b-02ff5e9c4d9c", "jobId": "bd3c2340-d50d-4dce-8deb-f6e996e2e696" }, "statusCode": 200, "message": "Request Successful" }Close - Microsoft Office 365 Onboarding
Prerequisites
As a prerequisite for Office 365 cloud account onboarding, you must complete steps 1 and 2 in the Office 365 Onboarding Guide.
POST https://<CLOUDNEETI API DOMAIN>/onboarding/license/<LICENSE ID>/account/officeEnvironment Values for ZCSPM API Domain PROD api.cloudneeti.com TRIAL trialapi.cloudneeti.com URI Parameters
Parameter Description Required/Optional license ZCSPM License Id Required Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key generated Request Body
To learn more about prerequisites for Office 365 cloud accounts, see the Office 365 Onboarding Guide
{ "AccountName": "<CLOUD ACCOUNT NAME>", "DomainName": "<ACTIVE DIRECTORY DOMAIN NAME>", "TenantId": "<ACTIVE DIRECTORY ID>", "ADApplicationClientId": "<AD APPLICATION CLIENT ID>", "ADApplicationClientSecret": "<AD APPLICATION CLIENT SECRET>" }Response
Name Type Description accountId String ZCSPM Office 365 cloud account id onboarded jobId String ZCSPM Office 365 cloud account scan job id statusCode Integer ZCSPM API response status code message String Response describing operation result as success or failed Sample Response
{ "result": { "accountId": "20103420-7be6-4969-b1d2-cffd943033e3", "jobId": "53f7d814-14ed-4981-85ef-d1862047f54b" }, "statusCode": 200, "message": "Request Successful" }Close - GCP Project-based Onboarding
- Onboarding a Project with a new Service Account
Prerequisites
You need to have the following permissions on a project to onboard it on the ZCSPM Admin Portal:
- Project Viewer Role on the project you intend to onboard
- Project Viewer Role on the project that has the Service Account
- Cloud Asset Viewer Role
If you need the Service Account created on the same project you intend to onboard, then you need to give the project viewer role for the single project.
You need to enable the following API access on your GCP project:
- Cloud Resource Manager API
- Cloud Asset API
- Service Usage API on the project that has the Service Account
- Service Usage API on the project you intend to onboard
URI
POST https://<ZCSPM API Domain>/onboarding/license/<License ID>/account/gcpProjects
Parameter Value ZCSPM API Domain - For the PROD Environment: api.cloudneeti.com
- For the TRIAL Environment: trialapi.cloudneeti.com
License ID ZCSPM License ID Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key Request Body
{ "type": "service_account", "project_id": “<project_id>”, "private_key_id": "<private_key_id>", "private_key": "<private key>", "client_email": "<client_email>", "client_id": "<client_id>", "auth_uri": "<auth_uri>", "token_uri": "<token_uri>", "auth_provider_x509_cert_url": "<auth_provider_x509_cert_url>", "client_x509_cert_url": "<client_x509_cert_url>", "ProjectIds": [ "<project_ID_1>", "<project_id_2>" ], "IsExisting": false }Response
Close{ "result": "true", "statusCode": 200, "message": "Request Successful" } - Onboarding a Project with an existing Service Account
Prerequisites
You need to have the following permissions on a project to onboard it on the ZCSPM Admin Portal:
- Project Viewer Role on the project you intend to onboard
- Project Viewer Role on the project that has the Service Account
- Cloud Asset Viewer Role
If you need the Service Account created on the same project you intend to onboard, then you need to give the project viewer role for the single project.
You need to enable the following API access on your GCP project:
- Cloud Resource Manager API
- Cloud Asset API
- Service Usage API on the project that has the Service Account
- Service Usage API on the project you intend to onboard
URI
POST https://<ZCSPM API Domain>/onboarding/license/<License ID>/account/gcpProjects
Parameter Value ZCSPM API Domain - For the PROD Environment: api.cloudneeti.com
- For the TRIAL Environment: trialapi.cloudneeti.com
License ID ZCSPM License ID Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key Request Body
{ "client_email":"<client_email>", "ProjectIds": [ "<project_ID_1>", "<project_id_2>" ], "IsExisting": true }Response
Close{ "result": "true", "statusCode": 200, "message": "Request Successful" }
- Onboarding a Project with a new Service Account
- GCP Organization-based Onboarding
- Onboarding a newly created Organization and a new Service Account
Prerequisites
You need to have the following permissions on a project to onboard it on the ZCSPM Admin Portal:
- Organization Role Viewer
- Folder Viewer Role
- Project Viewer Role
- Cloud Asset Viewer Role
You need to enable the following API access on your GCP project:
- Cloud Resource Manager API
- Cloud Asset API
- Service Usage API on the project that has the Service Account
- Service Usage API on the project you intend to onboard
URI
POST https://<ZCSPM API Domain>/onboarding/license/<License ID>/account/gcpOrganization
Parameter Value ZCSPM API Domain - For the PROD Environment: api.cloudneeti.com
- For the TRIAL Environment: trialapi.cloudneeti.com
License ID ZCSPM License ID Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key Request Body
{ "type": "service_account", "project_id": “<project_id>”, "private_key_id": "<private_key_id>", "private_key": "<private key>", "client_email": "<client_email>", "client_id": "<client_id>", "auth_uri": "<auth_uri>", "token_uri": "<token_uri>", "auth_provider_x509_cert_url": "<auth_provider_x509_cert_url>", "client_x509_cert_url": "<client_x509_cert_url>", "OrganizationId":"<OrganizationID>", "IsExisting": false, "IsAutoSyncEnable": false }Response
Close{ "result": "true", "statusCode": 200, "message": "Request Successful" } - Onboarding an existing Organization
Prerequisites
You need to have the following permissions on a project to onboard it on the ZCSPM Admin Portal:
- Organization Role Viewer
- Folder Viewer Role
- Project Viewer Role
- Cloud Asset Viewer Role
You need to enable the following API access on your GCP project:
- Cloud Resource Manager API
- Cloud Asset API
- Service Usage API on the project that has the Service Account
- Service Usage API on the project you intend to onboard
URI
POST https://<ZCSPM API Domain>/onboarding/license/<License ID>/account/gcpOrganization
Parameter Value ZCSPM API Domain - For the PROD Environment: api.cloudneeti.com
- For the TRIAL Environment: trialapi.cloudneeti.com
License ID ZCSPM License ID Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key Request Body
{ "OrganizationId":"<OrganizationID>", "IsExisting": true, "IsAutoSyncEnable": false }Response
Close{ "result": "true", "statusCode": 200, "message": "Request Successful" } - Onboarding a newly created Organization with selected Projects
Prerequisites
You need to have the following permissions on a project to onboard it on the ZCSPM Admin Portal:
- Organization Role Viewer
- Folder Viewer Role
- Project Viewer Role
- Cloud Asset Viewer Role
You need to enable the following API access on your GCP project:
- Cloud Resource Manager API
- Cloud Asset API
- Service Usage API on the project that has the Service Account
- Service Usage API on the project you intend to onboard
URI
POST https://<ZCSPM API Domain>/onboarding/license/<License ID>/account/gcpOrganizationProjects
Parameter Value ZCSPM API Domain - For the PROD Environment: api.cloudneeti.com
- For the TRIAL Environment: trialapi.cloudneeti.com
License ID ZCSPM License ID Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key Request Body
{ "type": "service_account", "project_id": “<project_id>”, "private_key_id": "<private_key_id>", "private_key": "<private key>", "client_email": "<client_email>", "client_id": "<client_id>", "auth_uri": "<auth_uri>", "token_uri": "<token_uri>", "auth_provider_x509_cert_url": "<auth_provider_x509_cert_url>", "client_x509_cert_url": "<client_x509_cert_url>", "OrganizationId":"<OrganizationID>", "ProjectIds": [ "<project_ID_1>", "<project_id_2>" ], "IsExisting": false, "IsAutoSyncEnable": false }Response
Close{ "result": "true", "statusCode": 200, "message": "Request Successful" } - Onboarding an existing Organization with selected Projects
Prerequisites
You need to have the following permissions on a project to onboard it on the ZCSPM Admin Portal:
- Organization Role Viewer
- Folder Viewer Role
- Project Viewer Role
- Cloud Asset Viewer Role
You need to enable the following API access on your GCP project:
- Cloud Resource Manager API
- Cloud Asset API
- Service Usage API on the project that has the Service Account
- Service Usage API on the project you intend to onboard
URI
POST https://<ZCSPM API Domain>/onboarding/license/<License ID>/account/gcpOrganizationProjects
Parameter Value ZCSPM API Domain - For the PROD Environment: api.cloudneeti.com
- For the TRIAL Environment: trialapi.cloudneeti.com
License ID ZCSPM License ID Header
Key Value Content-Type application/json Ocp-Apim-Subscription-Key ZCSPM API key Request Body
{ "OrganizationId":"<OrganizationID>", "ProjectIds": [ "<project_ID_1>", "<project_id_2>" ], "IsExisting": true, "IsAutoSyncEnable": false }Response
Close{ "result": "true", "statusCode": 200, "message": "Request Successful" }
- Onboarding a newly created Organization and a new Service Account