Citrix

Citrix Secure Private Access API

REST API for managing zero trust network access policies, applications, application domains, and certificates in Citrix Secure Private Access, providing secure access to internal web and SaaS applications.

GitHub OpenAPI

Documentation

📖
Documentation
https://developer-docs.citrix.com/en-us/secure-private-access/access-security/overview.html
📖
GettingStarted
https://developer-docs.citrix.com/en-us/secure-private-access/access-security/getting-started.html

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/citrix/refs/heads/main/openapi/citrix-secure-private-access-openapi.yml

Other Resources

🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/citrix/refs/heads/main/capabilities/secure-private-access-access-policies.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/citrix/refs/heads/main/capabilities/secure-private-access-application-domains.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/citrix/refs/heads/main/capabilities/secure-private-access-applications.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/citrix/refs/heads/main/capabilities/secure-private-access-certificates.yaml

OpenAPI Specification

citrix-secure-private-access-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Citrix Secure Private Access API
  description: >-
    REST API for managing zero trust network access policies, applications,
    application domains, and certificates in Citrix Secure Private Access,
    providing secure access to internal web and SaaS applications.
  version: '1.0'
  contact:
    name: Citrix Support
    url: https://support.citrix.com/
  termsOfService: https://developer.cloud.com/citrix-developer-terms-of-use
externalDocs:
  description: Secure Private Access API Documentation
  url: https://developer-docs.citrix.com/en-us/secure-private-access/access-security/overview.html
servers:
  - url: https://api.cloud.com/accessSecurity
    description: Citrix Cloud Production
tags:
  - name: Access Policies
    description: Manage zero trust access policies
  - name: Application Domains
    description: Manage application domain configurations
  - name: Applications
    description: Manage SaaS and web applications
  - name: Certificates
    description: Manage application certificates
security:
  - bearerAuth: []
paths:
  /applications:
    get:
      operationId: listApplications
      summary: Citrix List applications
      description: >-
        Retrieve all applications configured in Secure Private Access.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
      responses:
        '200':
          description: List of applications
          content:
            application/json:
              schema:
                type: object
                properties:
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/Application'
        '401':
          description: Unauthorized
    post:
      operationId: createApplication
      summary: Citrix Create an application
      description: >-
        Create a new application configuration for secure private access.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateApplicationRequest'
      responses:
        '201':
          description: Application created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Application'
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
  /applications/{applicationId}:
    get:
      operationId: getApplication
      summary: Citrix Get an application
      description: >-
        Retrieve details of a specific application.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
        - $ref: '#/components/parameters/applicationId'
      responses:
        '200':
          description: Application details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Application'
        '401':
          description: Unauthorized
        '404':
          description: Application not found
    put:
      operationId: updateApplication
      summary: Citrix Update an application
      description: >-
        Update an existing application configuration.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
        - $ref: '#/components/parameters/applicationId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateApplicationRequest'
      responses:
        '200':
          description: Application updated
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
        '404':
          description: Application not found
    delete:
      operationId: deleteApplication
      summary: Citrix Delete an application
      description: >-
        Delete an application configuration.
      tags:
        - Applications
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
        - $ref: '#/components/parameters/applicationId'
      responses:
        '204':
          description: Application deleted
        '401':
          description: Unauthorized
        '404':
          description: Application not found
  /policies:
    get:
      operationId: listAccessPolicies
      summary: Citrix List access policies
      description: >-
        Retrieve all access policies configured for secure private access.
      tags:
        - Access Policies
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
      responses:
        '200':
          description: List of access policies
          content:
            application/json:
              schema:
                type: object
                properties:
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/AccessPolicy'
        '401':
          description: Unauthorized
    post:
      operationId: createAccessPolicy
      summary: Citrix Create an access policy
      description: >-
        Create a new zero trust access policy.
      tags:
        - Access Policies
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateAccessPolicyRequest'
      responses:
        '201':
          description: Access policy created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccessPolicy'
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
  /certificate:
    post:
      operationId: createCertificate
      summary: Citrix Upload a certificate
      description: >-
        Upload a new SSL certificate for use with applications.
      tags:
        - Certificates
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateCertificateRequest'
      responses:
        '201':
          description: Certificate uploaded
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
  /application/{applicationId}/domain/{encodedURL}:
    get:
      operationId: getApplicationDomainCertificate
      summary: Citrix Get domain certificate for an application
      description: >-
        Retrieve the certificate associated with a specific application domain.
      tags:
        - Application Domains
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
        - $ref: '#/components/parameters/applicationId'
        - name: encodedURL
          in: path
          required: true
          description: URL-encoded domain name
          schema:
            type: string
      responses:
        '200':
          description: Certificate details for the domain
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
        '401':
          description: Unauthorized
        '404':
          description: Domain or certificate not found
    put:
      operationId: associateDomainCertificate
      summary: Citrix Associate certificate with application domain
      description: >-
        Associate an SSL certificate with a specific application domain.
      tags:
        - Application Domains
      parameters:
        - $ref: '#/components/parameters/CitrixCustomerId'
        - $ref: '#/components/parameters/applicationId'
        - name: encodedURL
          in: path
          required: true
          description: URL-encoded domain name
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                certificateId:
                  type: string
                  description: ID of the certificate to associate
      responses:
        '200':
          description: Certificate associated
        '400':
          description: Invalid request
        '401':
          description: Unauthorized
        '404':
          description: Application or domain not found
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: OAuth 2.0 bearer token from Citrix Cloud authentication
  parameters:
    CitrixCustomerId:
      name: Citrix-CustomerId
      in: header
      required: true
      description: Citrix Cloud customer ID
      schema:
        type: string
    applicationId:
      name: applicationId
      in: path
      required: true
      description: Application unique identifier
      schema:
        type: string
        format: uuid
  schemas:
    Application:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Unique identifier for the application
        name:
          type: string
          description: Application name
        description:
          type: string
          description: Application description
        url:
          type: string
          format: uri
          description: Application URL
        appType:
          type: string
          enum:
            - SaaS
            - Web
          description: Type of application
        enabled:
          type: boolean
          description: Whether the application is enabled
        domains:
          type: array
          items:
            type: string
          description: Associated domains
    CreateApplicationRequest:
      type: object
      required:
        - name
        - url
        - appType
      properties:
        name:
          type: string
          description: Application name
        description:
          type: string
          description: Application description
        url:
          type: string
          format: uri
          description: Application URL
        appType:
          type: string
          enum:
            - SaaS
            - Web
          description: Type of application
    UpdateApplicationRequest:
      type: object
      properties:
        name:
          type: string
          description: Updated application name
        description:
          type: string
          description: Updated description
        url:
          type: string
          format: uri
          description: Updated URL
        enabled:
          type: boolean
          description: Whether the application is enabled
    AccessPolicy:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Policy unique identifier
        name:
          type: string
          description: Policy name
        description:
          type: string
          description: Policy description
        enabled:
          type: boolean
          description: Whether the policy is active
        priority:
          type: integer
          description: Policy evaluation priority
        conditions:
          type: object
          description: Policy conditions for matching
        actions:
          type: object
          description: Actions to apply when policy matches
    CreateAccessPolicyRequest:
      type: object
      required:
        - name
      properties:
        name:
          type: string
          description: Policy name
        description:
          type: string
          description: Policy description
        conditions:
          type: object
          description: Policy conditions
        actions:
          type: object
          description: Policy actions
    Certificate:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Certificate unique identifier
        name:
          type: string
          description: Certificate name
        subject:
          type: string
          description: Certificate subject
        issuer:
          type: string
          description: Certificate issuer
        expirationDate:
          type: string
          format: date-time
          description: Certificate expiration date
    CreateCertificateRequest:
      type: object
      required:
        - name
        - certificate
        - privateKey
      properties:
        name:
          type: string
          description: Certificate name
        certificate:
          type: string
          description: PEM-encoded certificate
        privateKey:
          type: string
          description: PEM-encoded private key