POST /security-groups
Create a security group
curl --request POST \
  --url https://api.altostrat.io/security-groups \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "name": "Web Application Servers",
  "description": "Allows HTTP/S from the world and SSH from the office.",
  "rules": [
    {
      "direction": "inbound",
      "order": 10,
      "protocol": 6,
      "port": "443",
      "address": "0.0.0.0/0",
      "description": "Allow HTTPS"
    },
    {
      "direction": "inbound",
      "order": 20,
      "protocol": 6,
      "port": "80",
      "address": "0.0.0.0/0",
      "description": "Allow HTTP"
    },
    {
      "direction": "inbound",
      "order": 30,
      "protocol": 6,
      "port": "22",
      "address": "prfx_lst_0ujsswThIGTUYm2K8FjOOfxcYpw",
      "description": "Allow SSH from Office"
    }
  ],
  "sites": [
    "site_0ujsswThIGTUYm2K8FjOOfxcYpw",
    "site_0ujsswThIGTUYm2K8FjOOfxcYpz"
  ]
}'

{
  "id": "sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw",
  "name": "Default Web Servers",
  "description": "Allows inbound HTTP/HTTPS traffic from anywhere.",
  "status": "active",
  "sites": [
    "site_12345"
  ],
  "rules": [
    {
      "id": "fltr_0ujsswThIGTUYm2K8FjOOfxcYpw",
      "direction": "inbound",
      "order": 10,
      "protocol": 6,
      "port": "443",
      "address": "0.0.0.0/0",
      "description": "Allow inbound HTTPS traffic"
    }
  ]
}

Authorizations

Authorization (string, header, required)

Authentication is performed via an Auth0-issued JSON Web Token (JWT). Provide the token in the Authorization header with the Bearer scheme.

Body

application/json

The details of the new security group.

Defines the writable properties for creating or updating a security group.

name (string, required)

A human-readable name for the security group.

Required string length: 3 - 255

Example:

"Web Application Firewall"

rules (object[], required)

A list of firewall rules. The order of rules is determined by the order property within each rule object. The entire list of rules is replaced on update.

Maximum length: 250

sites (string[], required)

A list of site IDs to which this security group should be applied. The entire list of sites is replaced on update.

description (string | null)

An optional description for the security group.

Maximum length: 1024

Example:

"Allows inbound HTTP/S and blocks common attack vectors."

Response

The security group was created successfully.

Represents a container for a stateful firewall ruleset.

id (string)

The unique identifier for the security group, prefixed with sec_grp_.

Example:

"sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw"

name (string)

A human-readable name for the security group.

Example:

"Default Web Servers"

description (string)

An optional description for the security group, providing more context.

Example:

"Allows inbound HTTP/HTTPS traffic from anywhere."

status (enum<string>)

The current synchronization status of the security group. syncing means changes are being deployed and the resource is locked from modification.

Available options: active, syncing, failed

Example:

"active"

sites (string[])

A list of site IDs to which this security group is currently applied.

rules (object[])

An ordered list of firewall rules that define the security policy.
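
A pre-flight check for the request body documented above, as an added example that is not part of the Altostrat documentation or API. It enforces the documented length limits and flags two things this example assumes are worth catching before the POST: duplicate order values, and inbound TCP 22 or 3389 open to 0.0.0.0/0. The function name, the admin-port list and the sample body are constructed for illustration.

```python
# Added example: pre-flight lint for a security-group request body.
# Length limits are the ones documented on this page; the admin-port list and
# the duplicate-order check are assumptions of this example, not API behaviour.
ADMIN_PORTS = {"22", "3389"}  # assumed "should not be world-open" TCP ports
ANY_IPV4 = "0.0.0.0/0"

def lint_security_group(body):
    """Return a list of finding strings; an empty list means nothing flagged."""
    findings = []
    name = body.get("name")
    if not isinstance(name, str) or not 3 <= len(name) <= 255:
        findings.append("name: required string, length 3-255")
    desc = body.get("description")
    if desc is not None and (not isinstance(desc, str) or len(desc) > 1024):
        findings.append("description: string of at most 1024 characters, or null")
    if not isinstance(body.get("sites"), list):
        findings.append("sites: required list of site IDs")
    rules = body.get("rules")
    if not isinstance(rules, list):
        return findings + ["rules: required list of rule objects"]
    if len(rules) > 250:
        findings.append("rules: more than 250 entries")
    first_use = {}  # order value -> index of the first rule that used it
    for i, rule in enumerate(rules):
        order = rule.get("order")
        if order in first_use:
            findings.append(f"rules[{i}]: order {order} already used by rules[{first_use[order]}]")
        else:
            first_use[order] = i
        world_open = rule.get("direction") == "inbound" and rule.get("address") == ANY_IPV4
        if world_open and rule.get("protocol") == 6 and str(rule.get("port")) in ADMIN_PORTS:
            findings.append(f"rules[{i}]: TCP port {rule['port']} open to {ANY_IPV4}")
    return findings

# Constructed sample: the page's request body with the SSH rule's source changed
# from the office prefix list to 0.0.0.0/0 and its order value reused.
SAMPLE = {
    "name": "Web Application Servers",
    "rules": [
        {"direction": "inbound", "order": 10, "protocol": 6, "port": "443", "address": ANY_IPV4},
        {"direction": "inbound", "order": 10, "protocol": 6, "port": "22", "address": ANY_IPV4},
    ],
    "sites": ["site_0ujsswThIGTUYm2K8FjOOfxcYpw"],
}

if __name__ == "__main__":
    for finding in lint_security_group(SAMPLE):
        print(finding)
```

Run the lint on the JSON body before sending it; the request on this page, with SSH restricted to the prefix list, produces no findings.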