Secure Internet and SaaS Access (ZIA)
Adding SD-WAN Partner API Roles
Watch a video about SD-WAN Partner APIs.
An SD-WAN partner API role is a specific role for API access to the ZIA Cloud Service APIs. SD-WAN partner APIs cannot be users; only administrators can be assigned to an SD-WAN partner API role. SD-WAN partner APIs can:
- Make API calls to endpoints that have to do with building tunnels and mapping tunnels to locations.
- Only access API endpoints, no ZIA Admin Portal interactive login allowed.
- Only perform API calls as it relates to Software-Defined Wide Area Network (SD-WAN) partners, depending on the use case.
- Have API access using programmatic API calls.
- Be assigned to read only or read-write permissions to the API endpoints group given in the following procedure.
SD-WAN partner APIs do not have permission to perform the following tasks:
- Update policy configurations
- Create or delete users, grant users access to the ZIA Admin Portal
- Change properties or settings within the ZIA Admin Portal
An SD-WAN partner API is not the same as a System Integration partner.
To add an SD-WAN partner API role:
- Go to Administration > Role Management.
- Click Add SD-WAN Partner API Role.
In the Add SD-WAN Partner API Role window:
- Name: Enter a name for the SD-WAN partner API role.
- Access Control: Choose one of the following permissions:
- Full: Allows SD-WAN partner APIs to view and edit locations and VPN credentials that the partner is managing via the cloud service API.
- View Only: Allows SD-WAN partner APIs to view, but not edit, locations and VPN credentials that the partner is managing via the cloud service API.
- Partner Access: The integration types the SD-WAN partner API can access via the cloud service API. If an SD-WAN partner API role does not have access, the option to get or update resources via API will not be available.
- SD- WAN API Partner access permission allows SD-WAN partner APIs to access the following API endpoints:
- Click Save and activate the change.