![white-logo.png]](https://www.livingsecurity.com/hs-fs/hubfs/white-logo.png?height=40&name=white-logo.png){kind=logo}
Unify Integrations - Unify API V1 Overview
For customers who seek to push organization unique information, or data from tools that currently do not support a direct integration, the Unify API can help provide a path for data.
Table of Contents
📚 Overview
The Unify API V1 enables customers and Living Security engineers to push event data to the Unify platform, as an alternative to direct vendor API integration for purposes of data ingestion. This enables customers with on-premise data sources or custom data security/conversion requirements to prepare their data in their own environments, and push only the data they want Unify to process.
With the help of Living Security resources and engagement from stakeholders within your environment, your organization can leverage the functionality of the Unify API to push data to the Unify product.
❗There are a number of pre-requisites in order for the Unify API to be used as a resource to push data. Below are those that must be addressed with Living Security Resources:
- Your organization will not have the Unify API enabled for your tenant at the outset. You must reach out to your Customer Success Manager to request that this functionality be enabled for your Unify tenant.
- It is highly recommended that your organization's stakeholders engage with Living Security assets, such as our engineering resources available to you, to cover practical data needs and processes for implementing this functionality. Please engage your Customer Success Manager to request for this support.
⚠️ General Guidance & Expectations
The Unify API V1 is a REST/HTTP API and usage requires knowledge of REST/HTTP API conventions and semantics, and compliance with the API’s expectations and specifications.
🌐 Hosts
All Unify regions support the Unify API V1. The hostnames for the APIs are as follows:
|
Unify Region |
Host |
|---|---|
|
NA - North America |
unify.api.livingsecurity.com |
|
EU - Europe |
unify.api.eu.livingsecurity.com |
All Endpoints listed below must be prefixed with /v1
📖 Content Types
The Unify API V1 currently supports JSON requests and responses only, though it may support content types other than JSON in the future for both request and response payloads.
All requests should include a "content-type: application/json" header, and all responses will include a "content-type: application/json" header. Any request made without this header will be rejected.
💬 Responses
Every request made to the Unify API V1 returns a response that includes a JSON body (documented below) as well as HTTP response codes and HTTP Headers. Clients of the Unify API V1 are expected to understand and respect all HTTP response codes below:
|
Code |
Name |
Description |
|---|---|---|
|
200 |
OK |
The request succeeded |
|
400 |
Bad Request |
The request could not be fulfilled due to a malformed payload |
|
401 |
Unauthorized |
The request could not be fulfilled because an API Token was either not provided, was invalid, was expired, or was disabled/revoked |
|
403 |
Forbidden |
The request could not be fulfilled because the client was not authorized to access the resource(s) being requested |
|
404 |
Not Found |
A resource referenced in the request was not found. For example, a Service ID or Stream ID |
|
413 |
Content Too Large |
The request could not be fulfilled because the payload was larger than maximum allowed payload size |
|
429 |
Too Many Requests |
The request could be be fulfilled because a rate limit has been exceeded |
|
500 |
Internal Server Error |
There was an error processing the request. This is generally not resolvable by the client and support should be enlisted when this error code persists. |
The Unify API V1 enforces rate limits, both to prevent high bursts of requests at any given moment, and to limit the total number of requests that can be made in a day. Clients of the API are expected to respect the rate limits, and to back off when a rate limit is reached. As indicated in the Responses section above, all rate limited requests will return an HTTP code of 429.
Please talk with your Client Success Manager and Field Engineer about how to work within your rate limits, or to modify your rate limits.
🔬 Evolution
The Unify API V1 may evolve in time to include additional capabilities, which will be documented here. However, the API will be backward compatible with all API specifications documented here for the life of the API.
💾 Deprecation
The Unify API V1 may be deprecated in the future, in lieu of a new API (e.g., a V2) with different features and semantics. If the Unify API V1 is deprecated, your Client Success Manager and Field Engineer will notify of you of the deprecation well in advance of the API’s end of life date, and work with you to transition to the new/alternative API.
🗺️ Getting Started
To get started with the Unify API V1 please speak with your Client Success Manager about enabling the API in your Unify Tenant.
Once the API is enabled, your Living Security Client Success Manager and Field Engineer can help you determine the best technical path for interacting with the Unify API V1. Options include but are by no means limited to:
-
Logstash OSS - The free and open-source version of Elastic’s Logstash utility can be easily configured to collect data from a variety of on-premise sources (files, syslog, etc), and push the data directly to the Unify API V1.
-
Vendor Forwarders - Some on-premise products, including ZScaler and Splunk, can forward events via Syslog to a collector like Logstash. Other products, like ZScaler’s Cloud NSS feed, can be configured to push events directly to the Unify API V1 without an collector in between. Any forwarder that can conform with the API’s expectations and HTTP semantics may be used.
-
Custom code - Since the Unify API V1 is a REST API, any modern programming language can be easily used to process data and push it to the API via HTTP. Examples will be provided upon request.
-
Future SDK - while there is no Unify SDK currently, SDKs in a variety of languages may be made available in the future.
🔒 Authentication
The Unify API V1 utilizes bearer tokens for authentication. Tokens generated in the Unify platform are sensitive, should be stored in a secure vault (such as a password manager), and should never be shared with anyone. Additionally, the Unify platform never stores or logs the API Secrets in plain text.
Please see this article for instructions on how to generate a Unify API Token.
To authenticate to the Unify API V1, your API Token must be included in every request. The API token must be provided in the x-api-key Header, and structured as <api key>.<api secret>. Following the example above, you would provide your API key like so:
x-api-key: [api key].[api secret value]
🚪Endpoints
The following are Endpoints currently supported by the Unify API V1
📤 POST - /services/{Service ID}/streams/{Stream ID}/events
This endpoint supports ingestion of Events for a given Service and Stream. Services and Streams can be set up in the Unify Platform, and once they are set up Events may be pushed to Unify and associated with those Services and Streams.
Please work with your Client Success Manager and Field Engineer to determine how best to format the data you’re sending to Unify via this endpoint.
❓Request Structure
|
Protocol |
HTTPS |
Only HTTPS is supported |
|
Host |
unify.api.livingsecurity.com |
|
|
Version |
/v1 |
|
|
Services Resource |
/services |
|
|
Service ID |
/aaaaaaaa-22c1-1111-bd9b-7ca5fa5938d8 |
The UUID of your Service |
|
Streams Resource |
/streams |
|
|
Stream ID |
/bbbbbbbb-35db-1111-888d-47337e3ebb0e |
The UUID of your Stream |
|
Events Resource |
/events |
|
|
HTTP VERB |
POST |
|
|
Header |
content-type |
application/json (if JSON) or text/csv( if payload is CSV) |
|
Header |
x-api-key |
<api key>.<api secret> |
|
Body |
JSON payload |
Body documented below |
💬 cURL example:
curl -v -XPOST -H "content-type:application/json" -H "x-api-key:[api key].[api secret value]" "https://unify.api.livingsecurity.com/v1/services/aaaaaaaa-22c1-1111-bd9b-7ca5fa5938d8/streams/bbbbbbbb-35db-1111-888d-47337e3ebb0e/events" -d ‘[{"test":"test"}]’
📦 Request Body
The request body must be a valid JSON array with between 1 and 100 JSON objects. If more than 100 JSON objects are included, the Unify API V1 will respond with a 413 Content Too Large response code.
Because Unify is able to handle arbitrary JSON structures and convert/map those structures post-ingestion, the JSON objects in the JSON array can be in any structure provided that the structure is valid JSON and consistent across objects, and provided that a Unify Converter has been defined and associated with the relevant Service and Stream. Please talk to your Client Success Manager and Field Engineer about defining a Unify Converter.
* This endpoint does not currently support a strong/strict JSON schema, but will in the future.
Example request body:
[ {"field": "one", "field2": "two"}, {"field": "three", "field2": "four"}, {"field": "five", "field2": "six"}, {"field": "seven", "field2": "eight"} ]
📩 Response Body
The JSON response body is intended to be a convenient way to understand whether your request succeeded or failed, and may include hints as to why a failure occurred to help in debugging your integration with the API. However, the JSON response bodies are not meant to be used programmatically - for example, to detect a failure and retry a request. As indicated above, please use the HTTP response codes for this purpose.
|
Field |
Description |
Nullable |
|---|---|---|
|
message |
A terse message indicating what happened with the request. Message is often consistent with HTTP response, but messages may change and should not be used programmatically. |
Yes |
|
statusCode |
The HTTP status code. This value is provided for convenience in the response body and should not be used programmatically. HTTP response codes in the HTTP response itself should be used for this purpose. |
No |
|
hint |
An additional, more verbose message indicating what happened with the request |
Yes |
|
converted |
The # of events successfully converted |
No |
|
delivered |
The # of events successfully delivered |
No |
{ "message": "OK", "statusCode": 200, "hint": null "converted": 100, "delivered": 100, }
📤POST - /impact-modifiers
This endpoint supports associating Identities with Impact Modifiers. Identities are identified by exactly 1 alias (typically an EMAIL alias) and may be associated with 1 or more Impact Modifiers, shown in the list below (current at the time of writing):
CONTRACTOR
ELEVATED_ACCESS
EXECUTIVE
LEAVER
NEW_HIRE
PERFORMANCE_IMPROVEMENT
REMOTE_EMPLOYEE
SECURITY_TEAM
SENSITIVE_DATA_ACCESS
TENURED
Request Structure
|
Protocol |
https |
Only HTTPS is supported |
|
Host |
|
|
|
Version |
|
|
|
Resource |
|
|
|
Streams Resource |
/streams |
|
|
Header |
content-type |
|
|
Header |
x-api-key |
|
|
Body |
JSON payload |
Body documented below |
cURL example:
curl -v -XPOST \ -H "content-type:application/json" \ -H "x-api-key:3mt9uvvcbbhk.y6Ue1fddPOsV3RhRgrqjJfrncHuH4uxF" \ "https://unify.api.livingsecurity.com/v1/impact-modifiers" \ -d @/path/to/body.json
Request Body
The request body must be a valid JSON array of Impact Modifier update entries like the following:
{
"alias": {
"type": "EMAIL",
"normalized": "foo@example.com"
},
"modifiers": [
{ "type": "EXECUTIVE", "action": "create" }
]
}
-
In practice,
EMAILis always the preferred aliastype -
The
normalizedemail must be one of the email aliases associated with the Identity within Unify. -
The modifier
typemust be one of the supported modifiers listed above. -
The supported actions are
createanddelete. -
The
modifiersarray may include multiple updates for the targeted Identity.
Example request body:
[
{
"alias": { "type": "EMAIL", "normalized": "foo@example.com" },
"modifiers": [
{ "action": "create", "type": "EXECUTIVE" }
]
},
{
"alias": { "type": "EMAIL", "normalized": "bar@example.com" },
"modifiers": [
{ "action": "delete", "type": "CONTRACTOR" },
{ "action": "create", "type": "REMOTE_EMPLOYEE" },
{ "action": "create", "type": "ELEVATED_ACCESS" }
]
}
]
Response Body
{
"message": "OK",
"converted": 2,
"delivered": 2,
"statusCode": 200,
"hint": null
}
