> ## Documentation Index > Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # Retrieve a security group > Retrieves the complete details of a specific security group, including its name, description, status, associated sites, and a full list of its firewall rules. ## OpenAPI ````yaml /api/en/security-groups.yaml get /vpc/security-groups/{securityGroupId} openapi: 3.0.3 info: title: Altostrat Security Groups API version: 1.0.0 description: >- The Altostrat Security Groups API is the microservice responsible for the centralized management of stateful firewall rulesets and reusable IP address collections. It serves as the source of truth for all network security policies within the Altostrat SDX platform, translating abstract rules into concrete configurations that are asynchronously deployed to MikroTik routers. This API allows you to programmatically manage: - **Security Groups:** Containers for stateful firewall rules that define allowed inbound and outbound traffic for associated network sites. - **Prefix Lists:** Reusable, named collections of IP addresses and CIDR blocks that can be referenced within Security Group rules to simplify policy management. Developers use this API to programmatically define, manage, and automate network security policies at scale across their entire MikroTik infrastructure. servers: - url: https://v1.api.altostrat.io description: Production API Server security: [] tags: - name: Security Groups description: Manage firewall rule containers and their associations with network sites. - name: Prefix Lists description: Manage reusable collections of IP addresses and CIDR blocks. - name: Reference Data description: Retrieve static data like supported protocols and services. paths: /vpc/security-groups/{securityGroupId}: get: tags: - Security Groups summary: Retrieve a security group description: >- Retrieves the complete details of a specific security group, including its name, description, status, associated sites, and a full list of its firewall rules. operationId: getSecurityGroup parameters: - name: securityGroupId in: path required: true description: >- The unique identifier for the security group, prefixed with `sec_grp_`. schema: type: string pattern: ^sec_grp_[0-9a-zA-Z]{27}$ example: sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw responses: '200': description: The requested security group object. content: application/json: schema: $ref: '#/components/schemas/SecurityGroup' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' security: - bearerAuth: [] components: schemas: SecurityGroup: type: object description: Represents a container for a stateful firewall ruleset. properties: id: type: string description: >- The unique identifier for the security group, prefixed with `sec_grp_`. readOnly: true example: sec_grp_0ujsswThIGTUYm2K8FjOOfxcYpw name: type: string description: A human-readable name for the security group. example: Default Web Servers description: type: string description: >- An optional description for the security group, providing more context. example: Allows inbound HTTP/HTTPS traffic from anywhere. status: type: string description: >- The current synchronization status of the security group. `syncing` means changes are being deployed and the resource is locked from modification. readOnly: true enum: - active - syncing - failed example: active sites: type: array description: >- A list of site IDs to which this security group is currently applied. items: type: string example: site_12345 rules: type: array description: An ordered list of firewall rules that define the security policy. items: $ref: '#/components/schemas/FilterRule' FilterRule: type: object description: Represents a single firewall rule within a security group. properties: id: type: string description: The unique identifier for the filter rule, prefixed with `fltr_`. readOnly: true example: fltr_0ujsswThIGTUYm2K8FjOOfxcYpw direction: type: string description: The direction of traffic the rule applies to. enum: - inbound - outbound example: inbound order: type: integer description: >- The processing order of the rule, from lowest to highest. Must be unique within the security group. minimum: 1 maximum: 250 example: 10 protocol: type: integer description: >- The IP protocol number. Common values are `6` (TCP), `17` (UDP), `1` (ICMP). `0` represents all protocols. example: 6 port: type: string description: >- The destination port or port range. Required for protocols like TCP and UDP. Should be an empty string for protocols that do not use ports (e.g., ICMP). example: '443' address: type: string description: >- The source (for inbound) or destination (for outbound) address. Can be a CIDR block or a reference to a Prefix List ID (`prfx_lst_...`). example: 0.0.0.0/0 description: type: string description: A human-readable description for the rule. example: Allow inbound HTTPS traffic ErrorResponse: type: object properties: type: type: string description: A broad category for the error (e.g., 'invalid_request_error'). example: invalid_request_error code: type: string description: A short, unique string identifying the specific error. example: parameter_missing message: type: string description: A human-readable description of what went wrong. example: The 'name' parameter is required for this request. doc_url: type: string description: >- A direct link to the documentation page for this specific error code. example: https://docs.altostrat.io/errors/parameter_missing responses: Unauthorized: description: >- Unauthorized - The request requires authentication, and a valid Bearer token was not provided. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' NotFound: description: Not Found - The requested resource does not exist. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' InternalServerError: description: Internal Server Error - An unexpected error occurred on the server. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: >- Authentication is performed via an Auth0-issued JSON Web Token (JWT). Provide the token in the `Authorization` header with the `Bearer` scheme. ````